Possible Malware or virus I'm not sure I've tried and tried so I'm finally asking for help #252
Hi, We'll return to you as soon as possible. Meanwhile, please describe in detail what signs of infection you noticed. Please note that only members of VIRUSNET-Association are allowed to respond to PC cure topics. Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in Guestbook.
Hi, Please download Farbar Recovery Scan Tool and save it to your Desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Thank you so much for helping me. After my son used my computer, I started getting random pop-ups without anything even being open. I would just shut everything down with the Task Manager, and then all of a sudden multiple ads would pop up. I thought I had stopped them by uninstalling some applications I didn't recognize, and then another one popped up the other day while I was working on my computer. I attached the two files you requested. Thank you again for your time.
From: Sandor-Helper
Sent: Friday, June 21, 2024 5:42 AM
To: dragokas/hijackthis
Cc: nicole eddy; Author
Subject: Re: [dragokas/hijackthis] Possible Malware or virus I'm not sure I've tried and tried so I'm finally asking for help (Issue #252)
Hi,
I do not see any obvious signs of infection so far. Waiting for your description.
And please do these logs:
Please download Farbar Recovery Scan Tool<https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/> and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
* Right click to run as administrator. When the tool opens click Yes to disclaimer.
* Press Scan button.
* It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
* Please attach the logs back here.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.06.2024
Ran by nikkimarie (administrator) on DESKTOP-EI2OC1S (Dell Inc. XPS 13 9370) (23-06-2024 09:39:28)
Running from C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\FRST64.exe
Loaded Profiles: nikkimarie
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4529 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Git\bin\bash.exe ->) (Johannes Schindelin -> ) C:\Program Files\Git\usr\bin\bash.exe <2>
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.612.100_x64__8wekyb3d8bbwe\olk.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe <7>
(C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\dotnet\PlariumPlay.NetHost.exe ->) (Plarium Global LTD -> PlariumPlayInfo) C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\dotnet\info\PlariumPlayInfo.exe
(C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\PlariumPlay.exe ->) (Plarium Global LTD -> PlariumPlay.NetHost) C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\dotnet\PlariumPlay.NetHost.exe
(C:\Users\nikkimarie\AppData\Local\Programs\Microsoft VS Code\Code.exe ->) (Johannes Schindelin -> The Git Development Community) C:\Program Files\Git\bin\bash.exe <2>
(DriverStore\FileRepository\cui_dch.inf_amd64_01c7e148055ac0fe\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_01c7e148055ac0fe\igfxEM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\nikkimarie\AppData\Local\Programs\Microsoft VS Code\Code.exe <22>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <40>
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\nikkimarie\AppData\Local\Microsoft\OneDrive\24.111.0602.0003\FileCoAuth.exe
(MONGODB, INC. -> MongoDB Inc) C:\Users\nikkimarie\AppData\Local\MongoDBCompass\app-1.43.1\MongoDBCompass.exe <6>
(Plarium Global LTD -> GitHub, Inc.) C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\PlariumPlay.exe <6>
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_01c7e148055ac0fe\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_e192e6f3fb1cfc71\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_1b99d7afd85e5c44\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_58ee72dee7989949\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_58ee72dee7989949\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fafb1d329fdfe2c6\aesm_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (MongoDB, Inc) [File not signed] C:\Program Files\MongoDB\Server\7.0\bin\mongod.exe
(services.exe ->) (Plarium Global LTD -> PlariumPlayClientService) C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\PlariumPlayClientService\PlariumPlayClientService.exe
(services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.612.100_x64__8wekyb3d8bbwe\olk.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.14326.21886.0_x64__8wekyb3d8bbwe\onenoteim.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\Run: [MicrosoftEdgeAutoLaunch_19B8F90E700754DAD91D3C80608083BA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3883560 2024-06-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\nikkimarie\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\nikkimarie\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\RunOnce: [Uninstall 24.108.0528.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\nikkimarie\AppData\Local\Microsoft\OneDrive\24.108.0528.0005" [0 2024-06-21] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.63\Installer\chrmstp.exe [2024-06-20] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {A5FAAC84-2D85-463F-A764-95A1FF81658D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [964936 2024-04-25] (Dell Technologies Inc. -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {093B4D3D-E406-4600-B5EE-9A6A9E8206F5} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{AFCE3E8C-3449-49FF-873F-D82B79AC6C41} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {117FCE63-BBC7-438B-B82B-845E75B0B9F3} - System32\Tasks\Intel\Intel® Management and Security Status => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [235208 2022-01-27] (Intel Corporation -> Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
Task: {8C341DCA-0718-4525-97BA-0A86C30A1C73} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4916640 2024-04-15] (Intel Corporation -> Intel Corporation)
Task: {8DB92736-55C3-4879-9516-73108DE31C03} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4916640 2024-04-15] (Intel Corporation -> Intel Corporation)
Task: {68532D9E-63AC-4E9D-8561-AA24ADA771B0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {CDC883AD-CD83-47F5-BF26-0096606C2701} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5E69851-26FE-4580-91C9-2336B8F3FFE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B761786-11FB-461E-BE46-0719915A75FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5E8D05D-398A-4060-9692-30876F4DDC80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5A4BC2B-D94B-4F57-8BB2-F7BDA4467423} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {7194F705-B280-4F06-BD96-52C8EEA8068A} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3710519103-3053279781-354438042-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {DE350198-44FC-4E0B-9F6B-EBE4B7359595} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-05-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {D7BD6EFE-FE1A-400C-BD53-C020BA20FDA5} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {2B0F2389-3875-410B-8EB4-F33852A99576} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [170496 2023-10-12] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}: [DhcpDomain] hsd1.wa.comcast.net
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\0525544545950264C4950264F42502140275946494: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\0525544545950264C4950264F42502140275946494: [DhcpDomain] hsd1.wa.comcast.net
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\3545542525544545: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\3545542525544545: [DhcpDomain] hsd1.wa.comcast.net
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\3554859502143535022494453484: [DhcpNameServer] 192.168.95.20
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\65562796A7F6E6D2D496649683830303C4D223246303: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-23]
Edge Notifications: Default -> hxxps://web.snapchat.com
Edge Extension: (Norton Safe Web) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2024-04-14]
Edge Extension: (Save to Pinterest) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkgoflemacdadndiohhdnphcmdhacabg [2024-06-06]
Edge Extension: (Jasper Everywhere Extension) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bpiohchncadidhohcajcnoelomephkdd [2024-05-13]
Edge Extension: (DuckDuckGo) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-06-18]
Edge Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dimaiidfpngchbbfimkikgnicmibignd [2024-02-17]
Edge Extension: (MetaMask) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2024-03-22]
Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-18]
Edge Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-18]
Edge Extension: (Microsoft Power Automate (Legacy)) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gjgfobnenmnljakmhboildkafdkicala [2024-02-17]
Edge Extension: (React Developer Tools) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gpphkfbcpidddadnkolkpfckpihlkkil [2024-05-16]
Edge Extension: (Bublup) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jafhgdpkjmgdgpdajnhfgijphegkmchl [2024-02-17]
Edge Extension: (Edge relevant text changes) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-17]
Edge Extension: (html.to.design) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ldnheaepmnmbjjjahokphckbpgciiaed [2024-06-18]
Edge Extension: (Microsoft Rewards) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlbmdekgjkajiobkcbpolefohlelfhfe [2024-06-06]
Edge Extension: (Redux DevTools) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nnkgneoiohoecpdiaponcejilbhhikei [2024-02-17]
Edge Extension: (UserTesting Browser Recorder) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\onlhphabpmijgblopkcjmphbbmeliagn [2024-06-06]
FireFox:
========
FF DefaultProfile: cy115v33.default
FF ProfilePath: C:\Users\nikkimarie\AppData\Roaming\Mozilla\Firefox\Profiles\cy115v33.default [2024-02-19]
FF ProfilePath: C:\Users\nikkimarie\AppData\Roaming\Mozilla\Firefox\Profiles\z4okkfz8.default-release [2024-05-29]
FF Notifications: Mozilla\Firefox\Profiles\z4okkfz8.default-release -> hxxps://teams.microsoft.com
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default [2024-06-23]
CHR Notifications: Default -> hxxps://mail.google.com
CHR Extension: (DuckDuckGo) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-06-18]
CHR Extension: (Bublup) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbfllaanijkpjgnolhfhephemiccnacj [2024-02-20]
CHR Extension: (Microsoft Bing Search with Rewards) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2024-05-30]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-20]
CHR Extension: (React Developer Tools) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2024-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-23]
CHR Extension: (Microsoft Power Automate (Legacy)) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgfobnenmnljakmhboildkafdkicala [2024-02-20]
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2024-05-18]
CHR Extension: (Save to Pinterest) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-06-22]
CHR Extension: (Google Play) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2024-02-20]
CHR Extension: (Vercel) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahhiofdgnbcgmemekkmjnpifojdaelb [2024-06-20]
CHR Extension: (html.to.design) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnheaepmnmbjjjahokphckbpgciiaed [2024-06-18]
CHR Extension: (Redux DevTools) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmhkpmbekcpmknklioeibfkpmmfibljd [2024-02-20]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-06-18]
CHR Extension: (MetaMask) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-20]
CHR Extension: (UserTesting Browser Recorder) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlhphabpmijgblopkcjmphbbmeliagn [2024-06-06]
CHR Extension: (Material Theme Dark [blue-grey]) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoafodbgcjnmijjepmpgnlhnogaahme [2024-02-20]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-11]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-06-06]
CHR Notifications: Profile 2 -> hxxps://mail.google.com; hxxps://www.facebook.com
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-16]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-06-06]
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-05-06]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-05-12]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\System Profile [2024-06-13]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15689512 2024-03-06] (BattlEye Innovations e.K. -> )
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458128 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [159632 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481680 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-12-13] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-12-11] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [159664 2023-12-22] (Dell Technologies Inc. -> Dell)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2024-05-02] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [290568 2024-05-02] (Intel Corporation -> Intel)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2024-02-20] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73480 2021-05-31] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1775392 2021-05-31] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2663208 2021-05-31] (Rivet Networks LLC -> Rivet Networks)
S3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73496 2021-05-31] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MongoDB; C:\Program Files\MongoDB\Server\7.0\bin\mongod.exe [66431488 2024-05-21] (MongoDB, Inc) [File not signed]
R2 Plarium Play Client Service; C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\PlariumPlayClientService\PlariumPlayClientService.exe [200520 2024-06-18] (Plarium Global LTD -> PlariumPlayClientService)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [197336 2021-06-15] (Qualcomm Atheros, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [159048 2024-04-25] (Dell Technologies Inc. -> Dell Inc.)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [807352 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 hostpacket; C:\Windows\System32\drivers\hostpacket.sys [38472 2023-08-15] (Microsoft Windows Hardware Compatibility Publisher -> GEARUP PORTAL PTE. LTD.)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [184400 2021-05-31] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 MpKsl7d942949; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0E2B6E7-D798-4805-ACE7-8309DAB4AE9C}\MpKslDrv.sys [271648 2024-06-21] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [69984 2024-01-18] (WDKTestCert Nmap,133147429230506937 -> Insecure.Com LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [76832 2022-09-30] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [254664 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [265536 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1064064 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-06-12] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
U4 npcap_wifi; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-06-23 09:39 - 2024-06-23 09:40 - 000032929 _____ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\FRST.txt
2024-06-23 09:39 - 2024-06-23 09:40 - 000000000 ____D C:\FRST
2024-06-23 09:39 - 2024-06-23 09:39 - 002395648 _____ (Farbar) C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\FRST64.exe
2024-06-22 02:54 - 2024-06-22 03:15 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\MongoDB Compass
2024-06-22 02:54 - 2024-06-22 02:54 - 000002431 _____ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\MongoDBCompass.lnk
2024-06-22 02:54 - 2024-06-22 02:54 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\MongoDBCompass
2024-06-22 02:54 - 2024-06-22 02:54 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\mongodb
2024-06-22 01:38 - 2024-06-22 01:38 - 137713160 _____ (MongoDB Inc) C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\mongodb-compass-1.43.1-win32-x64.exe
2024-06-21 07:32 - 2024-06-21 07:32 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\nextjs-nodejs
2024-06-20 08:42 - 2024-06-20 08:55 - 000000000 ____D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\AutoLogger
2024-06-20 08:41 - 2024-06-20 08:41 - 018327322 _____ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\AutoLogger.zip
2024-06-20 07:38 - 2024-06-20 08:47 - 000000000 ____D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\HiJackThis_test
2024-06-20 07:37 - 2024-06-20 07:37 - 004369651 _____ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\HiJackThis_test.zip
2024-06-20 07:30 - 2024-06-20 07:30 - 000003460 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2024-06-20 07:29 - 2024-06-20 07:30 - 000000000 ____D C:\Program Files\Npcap
2024-06-20 07:29 - 2024-06-20 07:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2024-06-20 07:29 - 2024-06-20 07:29 - 000000000 ____D C:\WINDOWS\system32\Npcap
2024-06-20 07:29 - 2024-06-20 07:29 - 000000000 ____D C:\Program Files (x86)\Nmap
2024-06-20 06:44 - 2024-06-20 06:44 - 033969480 _____ (Insecure.org) C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\nmap-7.95-setup.exe
2024-06-19 11:13 - 2024-06-19 11:13 - 000003670 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-06-19 02:11 - 2024-06-19 02:11 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\com.vercel.cli
2024-06-18 11:36 - 2024-06-18 11:36 - 000000000 ____D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\New folder
2024-06-12 13:30 - 2024-06-12 13:30 - 000000000 ___HD C:\$WinREAgent
2024-06-10 16:31 - 2024-06-10 16:31 - 000000000 ____D C:\Users\nikkimarie\AppData\LocalLow\Yotta Games
2024-06-10 16:30 - 2024-06-10 16:31 - 000002006 _____ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\The Grand Mafia.lnk
2024-06-10 16:30 - 2024-06-10 16:30 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\YottaSDK
2024-06-08 02:21 - 2024-06-08 02:21 - 000000000 ____D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\Autoruns
2024-06-08 02:19 - 2024-06-08 02:19 - 002932380 _____ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\Autoruns.zip
2024-06-08 02:14 - 2024-06-08 02:14 - 000009490 _____ C:\Users\nikkimarie\.bash_history
2024-06-08 02:01 - 2024-06-08 02:01 - 001149180 _____ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\Jan_Mar_2024_Longview_Police_Department_report.csv
2024-06-07 22:42 - 2024-06-18 17:14 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\Firestorm_x64
2024-06-07 22:42 - 2024-06-10 16:30 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\Firestorm_x64
2024-06-07 22:41 - 2024-06-07 22:41 - 000000000 ____D C:\WINDOWS\GearUPBooster
2024-06-07 12:10 - 2024-06-07 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Releasex64
2024-06-07 12:07 - 2024-06-07 22:42 - 000000000 ____D C:\Program Files\Firestorm-Releasex64
2024-06-07 12:04 - 2024-06-07 12:05 - 148711893 _____ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\Phoenix-Firestorm-Releasex64-6-6-17-70368_Setup.exe
2024-06-06 22:32 - 2024-06-06 22:32 - 000000000 ___DL C:\Program Files\nodejs
2024-06-06 22:05 - 2024-06-06 22:39 - 000000000 ____D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\modern
2024-05-31 18:44 - 2024-05-21 17:42 - 000512400 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2024-05-31 18:44 - 2024-05-21 17:42 - 000453632 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2024-05-31 18:44 - 2024-05-21 17:40 - 000942600 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2024-05-31 18:44 - 2024-05-21 17:40 - 000705512 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2024-05-31 18:44 - 2024-05-21 17:39 - 000591488 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2024-05-31 18:44 - 2024-05-21 17:39 - 000453016 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2024-05-31 18:44 - 2024-05-21 17:36 - 000492608 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2024-05-31 18:44 - 2024-05-21 17:36 - 000398400 _____ C:\WINDOWS\system32\ze_loader.dll
2024-05-31 18:44 - 2024-05-21 17:36 - 000159288 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 027963856 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 020687936 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 001969616 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-05-31 18:44 - 2024-05-21 17:35 - 001969616 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-05-31 18:44 - 2024-05-21 17:35 - 001526224 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-05-31 18:44 - 2024-05-21 17:35 - 001526224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-05-31 18:44 - 2024-05-21 17:35 - 001434064 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 001434064 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 001147344 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 001147344 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 000515648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 000378432 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-05-31 17:21 - 2024-05-31 17:21 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\ElevatedDiagnostics
2024-05-30 17:36 - 2024-05-30 18:03 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\Microsoft\WordPad
2024-05-29 22:40 - 2024-05-30 16:43 - 000000009 _____ C:\WINDOWS\system32\query
2024-05-24 05:23 - 2024-05-24 05:23 - 000000000 ____D C:\Program Files\MongoDB
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-06-23 09:39 - 2024-02-17 21:38 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\D3DSCache
2024-06-23 09:36 - 2024-02-17 21:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-23 09:36 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-06-23 09:36 - 2024-02-11 02:23 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-23 05:58 - 2024-04-24 17:16 - 000000445 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2024-06-23 04:58 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-22 23:45 - 2024-02-11 02:23 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-22 23:45 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-22 20:59 - 2024-02-20 10:59 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\Code
2024-06-22 20:48 - 2024-02-20 20:03 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\PlariumPlay
2024-06-22 16:52 - 2022-12-09 12:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-22 02:54 - 2024-02-19 15:15 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\SquirrelTemp
2024-06-22 02:54 - 2023-11-27 02:59 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MongoDB Inc
2024-06-21 17:32 - 2024-02-17 21:39 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3710519103-3053279781-354438042-1003
2024-06-21 17:32 - 2024-02-17 21:38 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3710519103-3053279781-354438042-1003
2024-06-21 17:32 - 2024-02-17 21:22 - 000002439 _____ C:\Users\nikkimarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-20 20:29 - 2024-02-20 10:58 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-20 09:16 - 2024-02-20 20:11 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\PlariumPlay
2024-06-20 08:49 - 2024-02-17 21:30 - 000840974 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-20 08:49 - 2024-02-11 02:22 - 000000000 ____D C:\WINDOWS\INF
2024-06-20 08:48 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-06-20 08:45 - 2023-03-08 13:02 - 000000000 __SHD C:\Users\nikkimarie\IntelGraphicsProfiles
2024-06-20 08:44 - 2024-04-24 17:11 - 000001591 _____ C:\WINDOWS\system32\config\VSMIDK
2024-06-20 08:44 - 2024-02-17 21:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-20 08:44 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\ServiceState
2024-06-20 08:44 - 2024-02-11 02:18 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-06-20 08:44 - 2022-12-09 12:33 - 000008192 ___SH C:\DumpStack.log.tmp
2024-06-20 08:44 - 2022-12-09 09:44 - 000000000 ____D C:\Intel
2024-06-19 16:27 - 2024-02-20 21:52 - 000003834 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2024-06-19 11:13 - 2024-02-20 21:27 - 000003762 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-06-19 11:13 - 2024-02-20 21:27 - 000003528 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-06-19 10:05 - 2023-03-08 15:42 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2024-06-18 16:00 - 2023-03-08 13:10 - 000000000 ___RD C:\Users\nikkimarie\OneDrive
2024-06-18 11:56 - 2024-02-20 20:18 - 000000000 ____D C:\Program Files\Electronic Arts
2024-06-18 11:56 - 2024-02-20 19:59 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-18 11:30 - 2024-02-20 20:50 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\CrashDumps
2024-06-18 11:30 - 2024-02-11 02:23 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-06-18 11:01 - 2024-05-02 02:16 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2024-06-16 18:40 - 2024-02-17 21:36 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\Packages
2024-06-13 05:26 - 2024-02-17 21:22 - 000000000 ____D C:\Users\nikkimarie
2024-06-12 14:49 - 2024-02-17 21:17 - 000259720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-06-12 14:48 - 2024-04-24 17:10 - 000000000 ____D C:\Program Files\Hyper-V
2024-06-12 14:48 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\SystemResources
2024-06-12 14:48 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-06-12 14:48 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-06-12 14:17 - 2024-02-11 02:19 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-06-12 14:12 - 2024-02-17 21:20 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-06-12 13:44 - 2024-02-19 15:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-06-12 13:35 - 2024-02-19 15:35 - 199048176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-06-08 04:07 - 2024-03-22 07:23 - 000000000 ____D C:\ProgramData\VirtualBox
2024-06-08 04:06 - 2023-12-15 23:10 - 000000000 ____D C:\Users\nikkimarie\.VirtualBox
2024-06-07 11:45 - 2024-05-23 21:27 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\SecondLife
2024-06-07 06:40 - 2024-02-17 21:26 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-07 06:40 - 2024-02-17 21:26 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1da6221909045b1
2024-06-06 22:30 - 2024-02-20 11:03 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\nvm
2024-06-06 22:30 - 2023-07-08 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVM for Windows
2024-06-06 00:01 - 2024-02-17 22:01 - 000000000 ____D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\portfolio
2024-06-05 23:52 - 2024-02-17 21:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-06-04 10:59 - 2023-10-12 18:57 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-06-04 10:58 - 2023-12-10 00:45 - 000233455 _____ C:\Users\nikkimarie\yarn.lock
2024-06-04 10:58 - 2023-03-27 08:31 - 000000000 ____D C:\Users\nikkimarie\node_modules
2024-06-04 10:56 - 2023-09-30 09:44 - 000000121 _____ C:\Users\nikkimarie\.yarnrc
2024-06-01 17:45 - 2024-02-24 16:36 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\Yarn
2024-05-31 18:51 - 2024-02-17 21:36 - 000000000 ____D C:\Program Files\Intel
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-30 17:13 - 2024-02-20 20:10 - 000000000 ____D C:\Program Files\dotnet
2024-05-30 17:06 - 2024-05-01 21:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-05-28 20:09 - 2024-02-19 14:53 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-05-24 00:33 - 2024-05-23 21:27 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\SecondLife
==================== Files in the root of some directories ========
2023-10-06 19:55 - 2023-10-06 19:55 - 000000000 _____ () C:\Users\nikkimarie\.mongorc.js
2024-02-20 20:02 - 2024-02-20 20:11 - 000029272 _____ () C:\Users\nikkimarie\AppData\Local\PlariumPlay.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.06.2024
Ran by nikkimarie (23-06-2024 09:41:27)
Running from C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4529 (X64) (2024-02-18 04:36:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3710519103-3053279781-354438042-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3710519103-3053279781-354438042-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-3710519103-3053279781-354438042-1014 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-3710519103-3053279781-354438042-501 - Limited - Disabled)
nikkimarie (S-1-5-21-3710519103-3053279781-354438042-1003 - Administrator - Enabled) => C:\Users\nikkimarie
WDAGUtilityAccount (S-1-5-21-3710519103-3053279781-354438042-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Dell SupportAssist (HKLM\...\{A1FC489C-7909-4E08-9685-6C77BA2053DE}) (Version: 4.0.3.61632 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{39BF0E71-7A16-4A80-BBCE-FBDD2D1CC2D5}) (Version: 5.5.9.18923 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{f6a4df94-48f2-459a-8d40-16b1fbed13c5}) (Version: 5.5.9.18923 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{398E49A0-84CA-43B5-A926-42EF68619E91}) (Version: 5.5.10.19019 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3563aa3a-c8ae-48d8-ab19-b1f359265295}) (Version: 5.5.10.19019 - Dell Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Firestorm-Releasex64 (HKLM\...\Firestorm-Releasex64) (Version: 6.6.17.70368 - The Phoenix Firestorm Project, Inc.)
Git (HKLM\...\Git_is1) (Version: 2.43.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.63 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{0C162007-F1C8-47A0-BD5D-E5FC54689B16}) (Version: 24.2.19.5 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{2D924248-D4EE-45BA-BDDB-1FA8828CF5CA}) (Version: 2.4.10852 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B52CA235-45C5-46FE-A183-B7D2FD4966AA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{B7F27296-F1AE-46BB-8BD7-5E0EED0EA1AC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{77847290-e441-4f65-8fe1-634e73b7632b}) (Version: 24.2.19.5 - Intel)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{A6961DC0-8F0E-4593-B336-FD3E7F27999C}) (Version: 16.8.4.1011 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 6.0.31 (x64) (HKLM\...\{59ED1DC1-E3E4-4BC0-B43F-143CCC38FF17}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.20 (x64) (HKLM\...\{EE5EB03B-D65C-4991-848E-2C6E024326DB}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.31 (x64) (HKLM\...\{9992D04E-553E-4BC2-B0EC-4A394DD19986}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.20 (x64) (HKLM\...\{B0FC828F-678C-4868-9B5B-99639758E6F3}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.7 (x64) (HKLM\...\{62A9DE14-DB7A-41D9-9D7E-ED494E6FCBAF}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.31 (x64) (HKLM\...\{0950F07D-F1C4-47A5-AC88-C5FAA5DC564D}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.20 (x64) (HKLM\...\{221BB52A-B763-4C9D-AA62-4B0B6C9AAD62}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.7 (x64) (HKLM\...\{ECCA3DB0-6DEF-42CD-A21A-F2F7B918FB59}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.20 - Shared Framework (x64) (HKLM-x32\...\{6c2f4b5b-86d2-4aff-bf79-d1e73cc20ab3}) (Version: 7.0.20.24269 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.20 Shared Framework (x64) (HKLM\...\{BD401329-F877-391C-9E5A-FEB423C5A196}) (Version: 7.0.20.24269 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.7 - Shared Framework (x64) (HKLM-x32\...\{4a749a1a-b799-41b4-a328-33a7b2355e76}) (Version: 7.0.7.23274 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.7 Shared Framework (x64) (HKLM\...\{5ECA54B7-62F2-39EE-9514-31F7DFFFC968}) (Version: 7.0.7.23274 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\OneDriveSetup.exe) (Version: 24.111.0602.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.90.2 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM\...\{EFE53353-800E-4987-B965-1C968D0F23A4}) (Version: 48.124.15242 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM-x32\...\{1a7abdc5-639b-4af0-87c6-dbc511750c6e}) (Version: 6.0.31.33720 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM\...\{72C29BED-666F-4E5E-BC49-DF44C890742E}) (Version: 56.80.15245 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM-x32\...\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}) (Version: 7.0.20.33720 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM\...\{593F16DC-C2D3-4740-ABD4-A171B4E32B06}) (Version: 56.31.61651 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM-x32\...\{e875fc20-9a37-4344-b046-0bb037cb2d57}) (Version: 7.0.7.32525 - Microsoft Corporation)
MongoDB 7.0.11 2008R2Plus SSL (64 bit) (HKLM\...\{6F87AA02-6D33-428D-B845-4250C13C17F8}) (Version: 7.0.11 - MongoDB Inc.)
MongoDB Compass (HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\MongoDBCompass) (Version: 1.43.1 - MongoDB Inc)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 125.0.3 (x64 en-US)) (Version: 125.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0.1 - Mozilla)
Nmap 7.95 (HKLM-x32\...\Nmap) (Version: 7.95 - Nmap Project)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.79 - Nmap Project)
NVM for Windows 1.1.12 (HKLM\...\40078385-F676-4C61-9A9C-F9028599D6D3_is1) (Version: 1.1.12 - Ecor Ventures LLC)
Oracle VM VirtualBox 7.0.14 (HKLM\...\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}) (Version: 7.0.14 - Oracle and/or its affiliates)
Plarium Play (HKLM-x32\...\{1b16bdf4-f85f-4248-ae9c-6105e7beca99}) (Version: 9.4.0 - Plarium)
PlariumPlay (HKLM-x32\...\{B8E0E173-DE7E-46CD-8AC2-73F746632F0B}) (Version: 9.4.0 - Plarium) Hidden
Postman x86_64 11.1.0 (HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\Postman) (Version: 11.1.0 - Postman)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
SecondLifeViewer (HKLM\...\SecondLifeViewer) (Version: 7.1.7.8974243247 - Linden Research, Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Packages:
=========
Dark Skies by Tracy Hymas -> C:\Program Files\WindowsApps\Microsoft.DarkSkiesbyTracyHymas_1.0.0.0_neutral__8wekyb3d8bbwe [2024-04-14] (Microsoft Corporation)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.0.16.0_x64__htrsf667h5kn2 [2024-05-18] (Dell Inc)
DuckDuckGo -> C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.79.0.0_x64__ya2fgkz3nks94 [2024-05-30] (DuckDuckGo) [Startup Task]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-17] (INTEL CORP) [Startup Task]
Killer Control Center -> C:\Program Files\WindowsApps\rivetnetworks.killercontrolcenter_2.4.3337.0_x64__rh07ty8m5nkag [2024-02-17] (Rivet Networks LLC) [Startup Task]
Light and Dark by Nick Boyer -> C:\Program Files\WindowsApps\Microsoft.LightandDarkbyNickBoyer_1.0.0.0_neutral__8wekyb3d8bbwe [2024-04-15] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5001.0_x64__8wekyb3d8bbwe [2024-06-19] (Microsoft Corporation) [Startup Task]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2024-05-22] (Microsoft Corporation)
Snapchat -> C:\Program Files\WindowsApps\SnapInc.Snapchat_3.0.1.0_neutral__k1zn018256b8e [2024-03-09] (Snap Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0 [2024-06-06] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{13c604e2-fa89-b4a6-fbd6-ce16e55707cf}\localserver32 -> "C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.1.0-0.0.0\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{31c9b23f-3e74-1158-2eca-1bd8ec9b6d58}\localserver32 -> "C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.0.0-0.0.0\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{92c6b55b-a953-5b20-f141-f9182e580bf2}\localserver32 -> C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.3.0-0.0.0\dotnet\info\PlariumPlayInfo.exe (Plarium Global LTD -> PlariumPlayInfo)
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{a961359d-f7dd-9651-5e16-518df5808d8e}\localserver32 -> "C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.2.0-0.0.0\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{e0336e82-8f2e-69e8-a334-fcb224165932}\localserver32 -> C:\User
Please attach these logs to your next message (like you already did in your first post here) rather than inserting them.
Also, I just had something pop up, which I didn't download anything for, so it seems odd to me. When it popped up I also went and checked to see if my computer is up to date, and it is, but the notification says "Restart required: your PC needs to be restarted to finish setting up this device: Killer Wireless-n/a/ac 1435 Wireless Network Adapter."
Please show me a screenshot (or snapshot) of such a pop-up window.
Please clarify: do you mean the system notification with the "Restart required" message? To reduce the distraction from such system messages, you can follow this instruction:
I also just got this. Every time I try to download something into Program Files it says I'm not the admin, when this is my computer and it shows I'm the admin. Speaking of the notification, I've never seen one like that before on any of my computers; that's why it concerned me. The virus concern is due to random ads popping up when I'm not even clicking on anything or have anything open.
It is correct behaviour due to the specifics of the Windows 10 security design. If you have random ad pop-ups, please attach a screenshot of such a window. We don't see any signs of it so far.
Closed.
Every time I try to log in to GitHub it instantly shuts down Chrome. I haven't been able to do much on my computer and I'm not sure why, so I haven't been able to respond, but I remembered that I could write you back in Gmail when I got your email.
On Thu, Jul 11, 2024 at 12:22 PM Alex Dragokas wrote:
Closed #252 as completed.
Please prepare a new CollectionLog according to the initial rules.
Okay, I will.
On Sat, Jul 13, 2024, 11:56 AM Alex Dragokas wrote:
Please prepare a new CollectionLog according to the initial rules <https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F>.
CollectionLog-2024.06.20-09.02.zip