Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024
Ran by Admin (administrator) on DESKTOP-U499I23 (Micro-Star International Co., Ltd. GF63 Thin 9SC) (24-09-2024 19:10:54)
Running from D:\\FRST64.exe
Loaded Profiles: Admin
Platform: Microsoft Windows 11 Pro Version 23H2 22631.4169 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(D:\Programmes\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) D:\Programmes\Epic Games\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(D:\Programmes\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) D:\Programmes\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
(explorer.exe ->) (Brio) [File not signed] C:\Program Files\FolderSize\FolderSize.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) D:\Programmes\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Proton AG -> Proton AG) C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0def78d8fd7b6e2b\RtkAudUService64.exe
(explorer.exe ->) (Signal Messenger, LLC -> Signal Messenger, LLC) C:\Users\Admin\AppData\Local\Programs\signal-desktop\Signal.exe <5>
(explorer.exe ->) (Thesycon Software Solutions GmbH & Co. KG -> ) C:\Program Files\Ableton\Push Driver\x64\AbletonPushCpl.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) D:\Programmes\Steam\steam.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.166.0818.0003\Microsoft.SharePoint.exe
(Micro-Star International CO., LTD. -> Application) C:\Program Files (x86)\MSI\MSI Remind Manager\scmfb.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Proton AG -> ) C:\Program Files\Proton\VPN\v3.2.12\ProtonVPN.exe
(services.exe ->) (Brio) [File not signed] C:\Program Files\FolderSize\FolderSizeSvc.exe
(services.exe ->) (CLEVERFILES INC. -> CleverFiles) C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe
(services.exe ->) (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe
(services.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe
(services.exe ->) (Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
(services.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla\Mozilla VPN\Mozilla VPN.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_3594fcc1d16e3924\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Proton AG -> ProtonVPN) C:\Program Files\Proton\VPN\v3.2.12\ProtonVPNService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4dab0fd1fdeb2aa1\RtkAudUService64.exe
(services.exe ->) (SteelSeries France SASU -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24081.55.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(SteelSeries France SASU -> A-Volute) C:\Windows\System32\NhNotifSys.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2435.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2407.3.0_x64__8wekyb3d8bbwe\SnippingTool\SnippingTool.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2409.1001.5.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4dab0fd1fdeb2aa1\RtkAudUService64.exe [2165080 2024-07-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1073144 2021-09-25] (Heidi Computers Ltd -> The Eraser Project)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3741224 2024-09-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919352 2024-09-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [f.lux] => C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe [1528952 2024-02-22] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [Steam] => D:\Programmes\Steam\steam.exe [4407656 2024-07-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [org.whispersystems.signal-desktop] => C:\Users\Admin\AppData\Local\Programs\signal-desktop\Signal.exe [186331072 2024-09-12] (Signal Messenger, LLC -> Signal Messenger, LLC)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [Mozilla_VPN] => C:\Program Files\Mozilla\Mozilla VPN\Mozilla VPN.exe [45662624 2024-05-14] (Mozilla Corporation -> Mozilla Corporation)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [com.messenger] => "C:\Users\Admin\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [CCleaner Smart Cleaning] => "D:\Programmes\CCleaner\CCleaner64.exe" /MONITOR (No File)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [3383912 2024-09-13] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [ProtonVPN] => C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe [17389368 2024-06-13] (Proton AG -> ProtonVPN)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [Proton Drive] => C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe [212861440 2024-07-12] (Proton AG -> Proton AG)
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-12] (Brio) [File not signed]
HKU\S-1-5-21-2246425733-1572341141-2263144653-1001\...\Run: [EpicGamesLauncher] => D:\Programmes\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36770792 2024-09-10] (Epic Games Inc. -> Epic Games, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon Center.exe - Shortcut.lnk [2024-06-29]
ShortcutTarget: Dragon Center.exe - Shortcut.lnk -> D:\Dragon Center\Dragon Center\Dragon Center.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ableton Push Control Panel Autostart.lnk [2024-08-03]
ShortcutTarget: Ableton Push Control Panel Autostart.lnk -> C:\Program Files\Ableton\Push Driver\x64\AbletonPushCpl.exe (Thesycon Software Solutions GmbH & Co. KG -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AudioFuseControlCenterAgent.lnk [2024-07-14]
ShortcutTarget: AudioFuseControlCenterAgent.lnk -> C:\Program Files (x86)\Arturia\AudioFuse Control Center\AudioFuseControlCenterAgent.exe (Arturia) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MiniFuseControlCenterAgent.lnk [2024-03-09]
ShortcutTarget: MiniFuseControlCenterAgent.lnk -> D:\Programmes\MiniFuse Control Center\MiniFuseControlCenterAgent.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {EAEBD5F6-305F-4363-93EA-B8FF9DDC7491} - System32\Tasks\CCleanerSkipUAC - Admin => "D:\Programmes\CCleaner\CCleaner64.exe" $(Arg0) (No File)
Task: {F54F9D7B-2443-45AA-9354-B0FB6B94A3E0} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317064 2024-04-08] (CyberLink Corp. -> )
Task: {31612308-F572-4FFE-A4A9-E0B12AEF478A} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317064 2024-04-08] (CyberLink Corp. -> )
Task: {CFBF2BFA-FA23-4FE4-A41C-CC14348217EC} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon -> Center\DragonCenter_Updater.exe DragonCenter
Task: {A9DF29D0-FAF7-415F-8D6E-82CF245BFC0D} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2246425733-1572341141-2263144653-1001 => C:\Users\Admin\AppData\Local\Programs\Messenger\MessengerHelper.exe [2192632 2024-07-19] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {925DA0B7-9203-49C6-B8EA-8576FE3304EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {20596968-0E11-4226-9E29-3A39E339271D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {036360A1-075B-47EA-AF5D-F26060B531DE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312472 2024-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {D36278CB-AB0C-4F7D-A5D3-837252EE0DD4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312472 2024-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {98206514-B4B1-4AE8-A8C9-667FE1C5F8CA} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [187024 2024-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {4C7DC90F-F92F-4558-8A36-5CDF43E534B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3A806043-0180-4B99-8F6A-773ACD05A5D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52973647-7075-4D7D-85B9-D11B0C5FED80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E0165E2A-DDC7-4B85-8D49-10108269348F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7E8F3C1A-1612-401D-BF59-7D2E4136A208} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2246425733-1572341141-2263144653-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672328 2024-09-06] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {7F2A1DB3-8B9F-44D7-81B5-A43B312D8A28} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {6E8E57DF-69A2-4C95-95F9-EE0D7DE791DD} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [6255104 2020-05-06] (Micro-Star International Co., Ltd.) [File not signed]
Task: {8B51DD08-0674-4A42-8664-7A785823140A} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [431384 2018-02-05] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed]
Task: {9B0606D6-C202-403C-9B5A-CD2E8C64217E} - System32\Tasks\MSISCMTsk => C:\Program Files (x86)\MSI\MSI Remind Manager\MSISCMTsk.exe [344184 2020-02-13] (Micro-Star International CO., LTD. -> Application)
Task: {FE111AA1-1261-442B-9A91-517BE5335603} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8C0A6DBC-C16C-4C93-87FE-417B220457F0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ED217373-2016-4634-B443-547D655D1B7E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {F96EA472-6BD3-4C5F-BBE9-86A6A16D8129} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BA186F8C-44FF-4F39-B7D4-1F3FD47D21DD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CC863C85-A50B-4E09-A47C-4B6656CD43B2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8C77DDA3-DCFC-4FBC-B5FD-99E71291C58B} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8244AC26-A671-4037-BCA3-426FB39B3AF9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {710E8B9A-2BBC-4328-B249-02230A73B97D} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AC54C57B-4D62-4CB1-A7D7-D7A169D6B43F} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209208 2024-09-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {656ABF2D-23D6-4C6A-A3AB-BE85C7423B0F} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2246425733-1572341141-2263144653-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209208 2024-09-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB3D921B-099E-4A41-BABC-5006F7E33EB3} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [97576 2024-04-08] (CyberLink Corp. -> CyberLink Corp.)
Task: {AEC29B7D-80B9-4D75-A3C3-D419906B405C} - System32\Tasks\Quick Photo Finder_Logon => C:\Program Files\Quick Photo Finder\qpf.exe startupshow (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.0 www.aomeitech.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4f60559a-26f6-48cd-a3e8-d88b45eede32}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4f60559a-26f6-48cd-a3e8-d88b45eede32}: [DhcpDomain] lan
Tcpip\..\Interfaces\{6293acc6-dda9-45b7-b291-f500aee6c90e}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6293acc6-dda9-45b7-b291-f500aee6c90e}: [DhcpDomain] lan
Tcpip\..\Interfaces\{6293acc6-dda9-45b7-b291-f500aee6c90e}\05968756C6F513032383: [DhcpNameServer] 192.168.176.104
Tcpip\..\Interfaces\{6293acc6-dda9-45b7-b291-f500aee6c90e}\05968756C6F513338363: [DhcpNameServer] 192.168.22.159
Tcpip\..\Interfaces\{6293acc6-dda9-45b7-b291-f500aee6c90e}\2426F687D22463237353938313: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6293acc6-dda9-45b7-b291-f500aee6c90e}\2426F687D22463237353938313: [DhcpDomain] lan
Tcpip\..\Interfaces\{6293acc6-dda9-45b7-b291-f500aee6c90e}\2426F687D28333732354033323: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6293acc6-dda9-45b7-b291-f500aee6c90e}\2426F687D28333732354033323: [DhcpDomain] lan
Tcpip\..\Interfaces\{a0049f6a-c45b-429c-a9b7-981dfbdd9eaa}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a0049f6a-c45b-429c-a9b7-981dfbdd9eaa}: [DhcpDomain] lan
Tcpip\..\Interfaces\{a0049f6a-c45b-429c-a9b7-981dfbdd9eaa}\05968756C6F553831323: [DhcpNameServer] 192.168.91.254
Tcpip\..\Interfaces\{a0049f6a-c45b-429c-a9b7-981dfbdd9eaa}\2426F687D27364642373642303: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a0049f6a-c45b-429c-a9b7-981dfbdd9eaa}\2426F687D27364642373642303: [DhcpDomain] lan
Tcpip\..\Interfaces\{a0049f6a-c45b-429c-a9b7-981dfbdd9eaa}\2426F687D28333732354033323D2537484A7: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a0049f6a-c45b-429c-a9b7-981dfbdd9eaa}\2426F687D28333732354033323D2537484A7: [DhcpDomain] lan
Edge:
=======
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-17]
Edge Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-17]
Edge Extension: (Edge relevant text changes) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-23]
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2024-07-31]
FireFox:
========
FF DefaultProfile: jvpicbjs.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jvpicbjs.default [2024-02-24]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release [2024-09-24]
FF Extension: (Facebook Container) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\@contain-facebook.xpi [2024-02-24]
FF Extension: (AdBlocker Ultimate) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2024-07-19]
FF Extension: (Dark Reader) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\addon@darkreader.org.xpi [2024-09-17]
FF Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\appledev@soarinfotech.com.xpi [2024-09-18]
FF Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\firefox@ghostery.com.xpi [2024-09-03]
FF Extension: (Tampermonkey) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\firefox@tampermonkey.net.xpi [2024-05-13]
FF Extension: (To Google Translate) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2024-02-24]
FF Extension: (AdBlock — block ads across the web) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2024-09-11]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2024-08-01]
FF Extension: (Google Translator for Firefox) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\translator@zoli.bod.xpi [2024-04-28]
FF Extension: (Imagus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2024-02-24] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (TWP - Translate Web Pages) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2024-03-11]
FF Extension: (Dark Page) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\{0e13aad6-79bd-4287-b466-1f643488ef79}.xpi [2024-02-24]
FF Extension: (OldWood) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\{1268dd7d-073e-4bf1-81dc-f1bb0f4f0c2e}.xpi [2024-02-24]
FF Extension: (Dark-ish Rainbow) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\{21f69c5d-b9e1-470f-a890-74454e954eee}.xpi [2024-02-24]
FF Extension: (Dark space - The best dynamic theme) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\{22b0eca1-8c02-4c0d-a5d7-6604ddd9836e}.xpi [2024-02-24]
FF Extension: (theme sombre) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\{7e64ce41-63c3-4f60-a1a4-7b4d93ec450f}.xpi [2024-02-24]
FF Extension: (WOT Website Security & Privacy Protection) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2024-02-24]
FF Extension: (Video DownloadHelper) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wcsv2356.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2024-09-11]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> D:\Programmes\VLC\npvlc.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-08-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 cfbackd; C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe [309128 2023-03-23] (CLEVERFILES INC. -> CleverFiles)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14042808 2024-09-08] (Microsoft Corporation -> Microsoft Corporation)
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [87169232 2024-09-05] (Electronic Arts, Inc. -> Electronic Arts)
R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [13936744 2024-09-13] (Electronic Arts, Inc. -> Electronic Arts)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncHelper.exe [3523112 2024-09-11] (Microsoft Corporation -> Microsoft Corporation)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio) [File not signed]
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe [1431160 2024-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 MozillaVPNBroker; C:\Program Files\Mozilla\Mozilla VPN\Mozilla VPN.exe [45662624 2024-05-14] (Mozilla Corporation -> Mozilla Corporation)
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe [47568 2018-10-29] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 NahimicService; C:\Windows\system32\NahimicService.exe [1910704 2024-06-21] (SteelSeries France SASU -> Nahimic)
R2 NativePushService; C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [595352 2023-08-22] (Wondershare Technology Group Co.,Ltd -> Wondershare)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [13142392 2024-06-02] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_3594fcc1d16e3924\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-03-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.166.0818.0003\OneDriveUpdaterService.exe [3863984 2024-09-11] (Microsoft Corporation -> Microsoft Corporation)
R3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.2.12\ProtonVPNService.exe [474848 2024-06-13] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.2.12\ProtonVPN.WireGuardService.exe [474336 2024-06-13] (Proton AG -> ProtonVPN)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [625960 2024-04-08] (CyberLink Corp. -> CyberLink)
R2 Sendevsvc; C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe [302888 2019-01-30] (Micro-Star International CO., LTD. -> ) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [530448 2024-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe [3199656 2024-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe [133704 2024-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [X]
S3 LibreOfficeMaintenance; D:\Programmes\LibreOffice\program\update_service.exe [X]
S2 MBAMService; "D:\Programmes\Malwarebytes\MBAMService.exe" [X]
S3 MBVpnTunnelService; "D:\Programmes\Malwarebytes\MBVpnTunnelService.exe" [X]
S3 Rockstar Service; "D:\Programmes\Rockstar\RockstarService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2023-10-10] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 arturiaminifuseusbaudio; C:\Windows\System32\drivers\arturiaminifuseusbaudio.sys [375816 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 arturiaminifuseusbaudioks; C:\Windows\System32\drivers\arturiaminifuseusbaudioks.sys [54792 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 audiofuseusbaudio; C:\Windows\System32\drivers\audiofuseusbaudio.sys [428024 2023-06-29] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 audiofuseusbaudioks; C:\Windows\System32\drivers\audiofuseusbaudioks.sys [55288 2023-06-29] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2023-10-10] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [386552 2021-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Dokan Project)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [231504 2024-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-02-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt11.sys [234168 2024-08-11] (Malwarebytes Inc. -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78928 2024-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2024-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [189776 2024-08-11] (Malwarebytes Inc. -> Malwarebytes)
R3 MozillaVPNSplitTunnel; C:\Program Files\Mozilla\Mozilla VPN\mullvad-split-tunnel.sys [87024 2024-05-14] (Mullvad VPN AB -> Mullvad VPN AB)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19000 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 Nahimic_Mirroring; C:\Windows\System32\drivers\Nahimic_Mirroring.sys [94784 2022-06-03] (A-Volute SAS -> Windows (R) Win 7 DDK provider)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-04-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.2.12\Resources\ProtonVPN.CalloutDriver.sys [37768 2024-06-13] (Proton AG -> Proton Technologies AG)
R3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [813112 2024-02-25] (Microsoft Windows Hardware Compatibility Publisher -> IDRIX)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22080 2024-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602392 2024-09-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2024-09-17] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [18688 2018-07-18] (WDKTestCert heavenluo,131620253795976757 -> )
S3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [36936 2024-02-25] (WireGuard LLC -> WireGuard LLC)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2024-07-29] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 afsqntpp; \??\C:\Windows\system32\drivers\afsqntpp.sys [X]
U4 Antares Central Services; no ImagePath
U4 CmWebAdmin.exe; no ImagePath
U3 CodeMeter.exe; no ImagePath
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-09-24 19:10 - 2024-09-24 19:11 - 000000000 ____D C:\FRST
2024-09-17 22:01 - 2024-09-17 22:01 - 000000000 ____D C:\Users\Admin\Games
2024-09-17 22:01 - 2024-09-17 22:01 - 000000000 ____D C:\Program Files (x86)\AOE URL Helper
2024-09-16 13:25 - 2024-09-16 13:25 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-09-13 10:24 - 2024-09-13 10:24 - 000005615 _____ C:\Users\Admin\AppData\Local\recently-used.xbel
2024-09-13 09:54 - 2024-09-13 09:54 - 000000814 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.38.lnk
2024-09-06 08:54 - 2024-09-18 17:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-09-03 14:02 - 2024-09-03 14:02 - 000000000 ____D C:\ProgramData\Origin
2024-09-03 14:02 - 2024-09-03 14:02 - 000000000 ____D C:\ProgramData\Electronic Arts
2024-09-03 14:02 - 2024-09-03 14:02 - 000000000 ____D C:\ProgramData\eaanticheat
2024-09-03 14:02 - 2024-09-03 14:02 - 000000000 ____D C:\Program Files\EA
2024-09-03 13:43 - 2024-09-13 09:53 - 000000000 ____D C:\ProgramData\EA Desktop
2024-09-03 13:43 - 2024-09-03 13:43 - 000000000 ____D C:\Program Files\Electronic Arts
2024-09-03 13:43 - 2024-09-03 13:43 - 000000000 ____D C:\Program Files\EA Games
2024-09-03 13:37 - 2024-09-03 13:37 - 000000000 ____D C:\Users\Admin\AppData\Local\UnrealEngineLauncher
2024-09-03 13:37 - 2024-09-03 13:37 - 000000000 ____D C:\Users\Admin\AppData\Local\EpicGamesLauncher
2024-09-03 13:37 - 2024-09-03 13:37 - 000000000 ____D C:\Users\Admin\AppData\Local\Epic Games
2024-09-03 13:36 - 2024-09-03 13:36 - 000001025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2024-09-03 13:36 - 2024-09-03 13:36 - 000000000 ____D C:\Program Files (x86)\Epic Games
2024-09-03 13:35 - 2024-09-03 13:44 - 000000000 ____D C:\ProgramData\Epic
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-09-24 19:12 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-09-24 19:12 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\AppReadiness
2024-09-24 19:11 - 2024-02-24 00:47 - 000000000 ____D C:\ProgramData\NVIDIA
2024-09-24 19:09 - 2024-02-25 13:59 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Signal
2024-09-24 19:05 - 2024-02-24 07:26 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-09-24 19:05 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-09-18 23:15 - 2024-08-02 22:22 - 000000000 ____D C:\ProgramData\Common
2024-09-18 22:45 - 2024-02-25 16:34 - 000000000 ____D C:\Users\Admin\AppData\Roaming\discord
2024-09-18 22:02 - 2024-02-25 16:34 - 000000000 ____D C:\Users\Admin\AppData\Local\Discord
2024-09-18 19:17 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemTemp
2024-09-18 17:17 - 2024-02-23 22:45 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2024-09-18 17:17 - 2022-05-07 07:22 - 000000000 ____D C:\Windows\INF
2024-09-18 16:57 - 2024-02-24 01:48 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-09-17 22:01 - 2024-02-23 22:38 - 000000000 ____D C:\Users\Admin
2024-09-17 21:05 - 2024-02-24 07:32 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-09-17 20:58 - 2024-03-24 21:29 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Messenger
2024-09-17 20:58 - 2024-03-24 21:29 - 000000000 ____D C:\Users\Admin\AppData\Local\Messenger
2024-09-17 20:58 - 2024-02-24 07:26 - 000012288 ___SH C:\DumpStack.log.tmp
2024-09-17 20:58 - 2024-02-24 07:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-09-17 20:58 - 2024-02-24 00:50 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2024-09-17 20:58 - 2024-02-24 00:50 - 000000000 ____D C:\Intel
2024-09-17 20:57 - 2024-03-05 15:17 - 000000000 ____D C:\Windows\Minidump
2024-09-17 20:57 - 2024-02-24 07:28 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2024-09-17 20:57 - 1601-01-01 02:00 - 004420408 ____N C:\Windows\Minidump\091724-15406-01.dmp
2024-09-17 18:47 - 2024-02-24 07:26 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-09-16 13:24 - 2024-03-12 10:56 - 000000000 ____D C:\Program Files\Microsoft Office
2024-09-16 13:15 - 2024-02-24 07:26 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-09-16 13:12 - 2024-03-12 17:37 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Word
2024-09-13 11:05 - 2024-07-26 09:59 - 000000000 ____D C:\Users\Admin\AppData\Local\babl-0.1
2024-09-13 10:24 - 2024-07-26 10:32 - 000000000 ____D C:\Users\Admin\AppData\Local\gtk-2.0
2024-09-11 19:10 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-09-11 19:01 - 2024-04-05 20:26 - 000000000 ____D C:\ProgramData\Packer
2024-09-11 18:55 - 2024-02-24 07:26 - 000626296 _____ C:\Windows\system32\FNTCACHE.DAT
2024-09-11 18:54 - 2024-03-13 13:20 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-09-11 18:54 - 2024-02-24 01:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-09-11 18:54 - 2023-12-04 08:30 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-09-11 18:54 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemResources
2024-09-11 18:54 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\bcastdvr
2024-09-11 18:54 - 2022-05-07 07:17 - 002621440 _____ C:\Windows\system32\config\BBI
2024-09-11 17:24 - 2024-02-25 16:17 - 000000000 ____D C:\Windows\system32\MRT
2024-09-11 17:21 - 2024-02-25 16:17 - 199688632 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-09-11 17:21 - 2022-05-07 07:17 - 000000000 ____D C:\Windows\CbsTemp
2024-09-11 16:44 - 2024-03-12 11:00 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-09-11 16:44 - 2024-03-12 11:00 - 000002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-09-11 16:44 - 2024-02-24 19:57 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2246425733-1572341141-2263144653-1001
2024-09-10 21:18 - 2024-02-24 07:26 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-09-10 21:18 - 2024-02-24 07:26 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-09-10 21:10 - 2024-02-24 01:48 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-09-06 23:47 - 2024-02-23 22:40 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2024-09-06 23:35 - 2024-02-24 07:28 - 000000000 ____D C:\ProgramData\Packages
2024-09-06 09:09 - 2024-02-27 04:30 - 000000000 ____D C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder
2024-09-06 04:19 - 2022-05-07 09:39 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2024-09-06 04:19 - 2022-05-07 09:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\F12
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\WUModels
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\oobe
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\Dism
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\Provisioning
2024-09-06 04:19 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-09-03 14:17 - 2024-03-03 16:02 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-09-03 14:02 - 2024-04-05 20:26 - 000000000 ____D C:\Users\Admin\AppData\Roaming\EAAntiCheat.Installer.Tool
2024-09-03 13:43 - 2024-02-23 22:56 - 000000000 ____D C:\ProgramData\Package Cache
2024-08-31 18:02 - 2024-02-24 07:30 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-08-31 12:00 - 2024-02-25 00:27 - 000000000 ____D C:\Users\Admin\AppData\Roaming\qBittorrent
==================== Files in the root of some directories ========
2024-06-02 13:02 - 2024-06-02 13:02 - 000000018 _____ () C:\Users\Admin\AppData\Roaming\.cache9050425797200915815.dat
2024-03-05 01:36 - 2024-03-17 23:09 - 000000117 _____ () C:\Users\Admin\AppData\Roaming\D2Info0
2024-03-05 01:36 - 2024-03-17 23:11 - 000000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_1
2024-03-05 01:53 - 2024-03-17 23:10 - 000000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_2
2024-03-17 22:21 - 2024-03-18 00:15 - 000000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_3
2024-02-25 00:24 - 2024-09-17 20:58 - 000120967 _____ () C:\Users\Admin\AppData\Roaming\mozillavpn.log
2024-02-25 12:48 - 2024-05-27 22:01 - 000000016 _____ () C:\Users\Admin\AppData\Roaming\msregsvv.dll
2024-09-13 10:24 - 2024-09-13 10:24 - 000005615 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================