
Closed/Inactive Random constantly application popping up? (need help to remove or fix)

Not sure what this application is. Is this a virus of some sort? Every time it pops up while I'm on another application it minimizes it and keeps interrupting what I'm doing, and it gets pretty annoying. I even had Task Manager open the moment it popped up again and it doesn't show up as an app or anything on there either. Any ideas?
 

Please download FRST. It is important FRST is downloaded to your desktop.
Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.

Accept the default whitelist options.
If the additions.txt options box is not checked, please select it.
Then select "Scan".

FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a Notepad file.

Please copy and paste the contents of these logs in your next post for review by our Security Team.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2022
Ran by kimbl (administrator) on DESKTOP-LPDRFGB (17-01-2022 19:03:13)
Running from C:\Users\kimbl\Desktop
Loaded Profiles: kimbl
Platform: Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <47>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\spaceman.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\Display.NvContainer\NVDisplay.Container.exe <2>
(Nvidia Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(Nvidia Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe <2>
(Nvidia Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\APO0520Drv\Drivers\x64\THXHelper0520.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\THXVAD\Drivers\x64\THXHelper22AD.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(Razer USA Ltd. -> THX) C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [857376 2019-01-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch (No File)
HKLM\...\Run: [THX22adHelper] => C:\Program Files (x86)\Razer\THXVAD\Drivers\x64\THXHelper22ad.exe [386008 2019-09-18] (Razer USA Ltd. -> )
HKLM\...\Run: [THX0520Helper] => C:\Program Files (x86)\Razer\APO0520Drv\Drivers\x64\THXHelper0520.exe [386008 2019-09-18] (Razer USA Ltd. -> )
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-12-12] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267432 2021-12-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3524216 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\Run: [Spotify] => C:\Users\kimbl\AppData\Roaming\Spotify\Spotify.exe [19184056 2022-01-16] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\Run: [f.lux] => C:\Users\kimbl\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3524216 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-11] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019D5BD5-4C40-4463-918A-61AED2B19210} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {03494DC5-16CA-4EC7-9A3A-45C731096B64} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649216 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {29823EDB-EE6C-40E6-8970-279273004AE4} - System32\Tasks\CCleanerSkipUAC - kimbl => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3EC523D9-9167-42D1-9C2E-7BBB594EE69C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {459D34C2-E80A-4425-A689-FE92044B9D10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-02] (Google LLC -> Google LLC)
Task: {47E8A662-4D8E-416E-9A56-13EF637AE919} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform)
Task: {5A3C8C01-921A-4BE5-B412-ACD6FD8D00A6} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804408 2021-12-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {67CC2A0B-F386-4460-B3B9-D52E1DBBD7E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7217B365-123A-4D3B-9950-F8DA46D8C5ED} - System32\Tasks\ChromeLoader => cmd /c start /min "" powershell -ExecutionPolicy Bypass -WindowStyle Hidden -E JABlAHgAdABQAGEAdABoACAAPQAgACIAJAAoACQAZQBuAHYAOgBMAE8AQwBBAEwAQQBQAFAARABBAFQAQQApAFwAYwBoAHIAbwBtAGUAIgAKACQAYwBvAG4AZgBQAGEAdABoACAAPQAgACIAJABlAHgAdABQAGEAdABoAFwAYwBvAG4AZgAuAGoAcwAiAAoAJABhAHIAYwBoAGkAdgBlAE4AYQBtAGUAI (the data entry has 4315 more characters). <==== ATTENTION
Task: {772B9C00-8C25-423D-9137-D8FC6C79B385} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {835331B2-5676-409D-9D8C-154F39B5E594} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-02] (Google LLC -> Google LLC)
Task: {915432F5-C751-4B27-A077-B160119EA2D7} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A6D5BE31-7AB9-42B4-96AD-87256F572D2B} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B8F45D40-9D85-4256-91C4-8D03F30232EE} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BA356BAD-F687-4347-9E4A-F7EC69881776} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD0A193D-718E-42D8-9BD6-03CDF31A6147} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C15073DB-0EED-4F34-8967-08BCF63EA012} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD6AB059-49A4-42C5-92EC-05ADD6907679} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {DD0C5BD6-8B39-4B1E-96DB-D3C09B9489BE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341312 2021-12-09] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F4EEC5A4-9315-4887-8B87-9BB7E35D1077} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26
Tcpip\..\Interfaces\{4c592645-69d2-43b4-b8a2-cefefb9d9c27}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{b40f418d-58e1-49c6-99b7-d57f7191375a}: [DhcpNameServer] 192.168.0.1 205.171.3.26
Tcpip\..\Interfaces\{d0d26d06-fba2-4489-be53-d7aa7036c29e}: [DhcpNameServer] 192.168.0.1 205.171.3.26
Tcpip\..\Interfaces\{d2889d52-1ee2-449a-8e9c-3e5e99dcd8fa}: [DhcpNameServer] 192.168.0.1 205.171.3.26

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\kimbl\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-08]
Edge HomePage: Default -> hxxps://www.google.com/webhp?hl=en&sa=X&ved=0ahUKEwiklPmnqN7UAhUB74MKHTOmCJkQPAgD
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-12-12] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-12-12] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default [2022-01-17]
CHR HomePage: Default -> hxxps://www.google.com/webhp?hl=en&sa=X&ved=0ahUKEwiklPmnqN7UAhUB74MKHTOmCJkQPAgD
CHR Extension: (Slides) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-02]
CHR Extension: (Docs) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-02]
CHR Extension: (Google Drive) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-02]
CHR Extension: (Ruffle) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\donbcfbmhbcapadipfkeojnmajbakjdc [2021-12-19]
CHR Extension: (Sheets) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-02]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-01-04]
CHR Extension: (PowerPoint Online) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2020-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\kimbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Options) - C:\Users\kimbl\AppData\Local [2022-01-17]

Opera:
=======
OPR Profile: C:\Users\kimbl\AppData\Roaming\Opera Software\Opera Stable [2022-01-08]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\kimbl\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-09-05]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\kimbl\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-09-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844528 2021-12-12] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8915368 2021-09-30] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-01-14] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1142808 2021-10-19] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [451608 2021-11-17] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1347640 2021-10-19] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-10-18] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294520 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2074928 2021-08-24] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533824 2021-10-21] (Razer USA Ltd. -> Razer Inc.)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 THXService; C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe [356312 2019-09-18] (Razer USA Ltd. -> THX)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 atvi-brynhildr; C:\ProgramData\Battle.net_components\brynhildr_odin\brynhildr.sys [2355952 2021-12-23] (Activision Publishing Inc -> Activision Blizzard, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2021-10-31] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [63696 2021-10-31] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 MpKsl079d147f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B99215BC-0E46-494F-A3E9-0136DADC6A0B}\MpKslDrv.sys [134376 2022-01-17] (Microsoft Windows -> Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 R0RazerSynapseService; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.sys [14544 2022-01-16] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_008a; C:\WINDOWS\System32\drivers\RzDev_008a.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_021e; C:\WINDOWS\System32\drivers\RzDev_021e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0243; C:\WINDOWS\System32\drivers\RzDev_0243.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0306; C:\WINDOWS\System32\drivers\RzDev_0306.sys [52504 2020-02-17] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0520; C:\WINDOWS\System32\drivers\RzDev_0520.sys [54088 2021-03-22] (Razer USA Ltd. -> Razer Inc)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 sTHXVAD; C:\WINDOWS\System32\drivers\THXVAD.sys [162184 2019-09-17] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-17 19:03 - 2022-01-17 19:03 - 000025435 _____ C:\Users\kimbl\Desktop\FRST.txt
2022-01-17 19:02 - 2022-01-17 19:03 - 000000000 ____D C:\FRST
2022-01-17 19:02 - 2022-01-17 19:02 - 002311680 _____ (Farbar) C:\Users\kimbl\Desktop\FRST64.exe
2022-01-17 19:01 - 2022-01-17 19:02 - 002311680 _____ (Farbar) C:\Users\kimbl\Downloads\FRST64.exe
2022-01-17 17:07 - 2022-01-17 17:07 - 000000000 ____D C:\Users\kimbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marble Blast Gold
2022-01-17 17:06 - 2022-01-17 17:07 - 000000000 ____D C:\Program Files (x86)\Marble Blast Gold
2022-01-17 17:05 - 2022-01-17 17:06 - 023684992 _____ C:\Users\kimbl\Downloads\marble_blast_gold_v1.4.zip
2022-01-15 15:58 - 2022-01-15 15:58 - 044675602 _____ C:\Users\kimbl\Downloads\XV2INS.zip
2022-01-15 15:46 - 2022-01-15 15:46 - 000000000 ____D C:\Users\kimbl\AppData\Roaming\XV2INS
2022-01-15 15:44 - 2022-01-15 15:44 - 001061838 _____ C:\Users\kimbl\Downloads\xv2patcher_3.7.zip
2022-01-15 15:41 - 2022-01-15 15:41 - 000000000 ____D C:\Users\kimbl\Downloads\Revamp Xenoverse 2 - Complete Edition (Christmas in Conton)
2022-01-15 11:01 - 2022-01-15 11:53 - 1028067258 _____ C:\Users\kimbl\Downloads\Revamp Xenoverse 2 - Complete Edition (Christmas in Conton).rar
2022-01-12 00:00 - 2022-01-12 00:00 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-12 00:00 - 2022-01-12 00:00 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-12 00:00 - 2022-01-12 00:00 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-11 23:56 - 2022-01-11 23:56 - 000000000 ___HD C:\$WinREAgent
2022-01-09 18:39 - 2022-01-14 16:00 - 000000000 ____D C:\Users\kimbl\AppData\Local\LogMeIn Hamachi
2022-01-09 18:39 - 2022-01-09 18:39 - 000000000 ____D C:\Users\kimbl\AppData\Local\LogMeIn
2022-01-09 18:39 - 2022-01-09 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2022-01-09 18:39 - 2022-01-09 18:39 - 000000000 ____D C:\ProgramData\LogMeIn
2022-01-09 18:39 - 2022-01-09 18:39 - 000000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2022-01-09 18:38 - 2022-01-09 18:39 - 009142272 _____ C:\Users\kimbl\Downloads\hamachi.msi
2022-01-08 04:52 - 2022-01-17 17:03 - 000000000 ____D C:\Program Files\CCleaner
2022-01-08 04:52 - 2022-01-12 15:00 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-01-08 04:52 - 2022-01-08 04:52 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - kimbl
2022-01-08 04:52 - 2022-01-08 04:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-01-08 04:51 - 2022-01-08 04:52 - 036563408 _____ (Piriform Software Ltd) C:\Users\kimbl\Downloads\ccsetup588.exe
2022-01-07 23:22 - 2022-01-07 23:22 - 000000000 ____D C:\Users\kimbl\AppData\LocalLow\Bossa Studios
2022-01-07 22:49 - 2022-01-13 05:29 - 000000000 ____D C:\Users\kimbl\AppData\Local\chrome
2022-01-07 22:48 - 2022-01-07 23:17 - 890999084 _____ C:\Users\kimbl\Downloads\Surgeon.Simulator.Anniversary.Edition.Inside.Donald.Trump-TiNYiSO.rar
2022-01-07 22:48 - 2022-01-07 22:48 - 000012830 _____ C:\WINDOWS\system32\Tasks\ChromeLoader
2022-01-04 04:02 - 2022-01-04 04:02 - 000025576 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_1400224349460993.dll
2022-01-01 20:06 - 2021-09-12 14:07 - 000262095 _____ C:\Users\kimbl\Documents\Adrian_Kimble_Resume.pdf
2021-12-31 07:02 - 2021-12-15 07:16 - 000038016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-12-31 07:01 - 2021-12-15 15:58 - 001450200 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-12-31 07:01 - 2021-12-15 15:58 - 001450200 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-12-31 07:01 - 2021-12-15 15:57 - 001874648 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-12-31 07:01 - 2021-12-15 15:57 - 001874648 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-12-31 07:01 - 2021-12-15 15:57 - 001466024 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-12-31 07:01 - 2021-12-15 15:57 - 001209312 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-12-31 07:01 - 2021-12-15 15:57 - 001112336 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-12-31 07:01 - 2021-12-15 15:57 - 001112336 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-12-31 07:01 - 2021-12-15 15:57 - 000966416 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-12-31 07:01 - 2021-12-15 15:57 - 000966416 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-12-31 07:01 - 2021-12-15 15:54 - 001524392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-12-31 07:01 - 2021-12-15 15:54 - 000802216 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-12-31 07:01 - 2021-12-15 15:54 - 000679384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-12-31 07:01 - 2021-12-15 15:54 - 000658344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-12-31 07:01 - 2021-12-15 15:54 - 000636840 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-12-31 07:01 - 2021-12-15 15:54 - 000565416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-12-31 07:01 - 2021-12-15 15:53 - 001597552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-12-31 07:01 - 2021-12-15 15:53 - 001175512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-12-31 07:01 - 2021-12-15 15:53 - 000794024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-12-31 07:01 - 2021-12-15 15:53 - 000708776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-12-31 07:01 - 2021-12-15 15:52 - 008725160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-12-31 07:01 - 2021-12-15 15:52 - 007843968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-12-31 07:01 - 2021-12-15 15:52 - 005732320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-12-31 07:01 - 2021-12-15 15:52 - 004938880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-12-31 07:01 - 2021-12-15 15:52 - 002852280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-12-31 07:01 - 2021-12-15 15:52 - 000452224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-12-31 07:01 - 2021-12-15 15:51 - 000851936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-12-31 07:01 - 2021-12-15 07:16 - 000085698 _____ C:\WINDOWS\system32\nvinfo.pb
2021-12-29 21:49 - 2021-12-30 18:16 - 000000000 ____D C:\Users\kimbl\Documents\Black Desert
2021-12-24 15:51 - 2021-12-24 15:51 - 000000279 _____ C:\Users\kimbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2021-12-24 02:04 - 2021-12-24 03:51 - 000000000 ____D C:\Users\kimbl\AppData\Roaming\Sonic3AIR
2021-12-24 01:33 - 2021-12-24 01:33 - 000000000 ____D C:\Users\kimbl\Documents\SEGA Mega Drive Classics
2021-12-24 01:33 - 2021-12-24 01:33 - 000000000 ____D C:\Users\kimbl\AppData\LocalLow\Sega
2021-12-23 23:59 - 2021-12-24 00:14 - 000000000 ____D C:\Users\kimbl\Documents\Sonic Unleashed Xbox 360 100%
2021-12-23 23:54 - 2021-12-24 00:10 - 000000000 ____D C:\Users\kimbl\AppData\Local\Unleash
2021-12-21 15:28 - 2021-12-21 15:28 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2021-12-20 13:29 - 2021-12-20 13:29 - 000000000 ____D C:\ProgramData\Battle.net_components

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-17 19:02 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-17 18:57 - 2020-10-02 14:42 - 000000000 ____D C:\Program Files (x86)\Steam
2022-01-17 18:56 - 2020-10-02 14:04 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-17 17:07 - 2020-04-07 07:38 - 000000000 ____D C:\Users\kimbl\AppData\Local\VirtualStore
2022-01-17 17:06 - 2020-10-03 01:54 - 000000000 ____D C:\Users\kimbl\Documents\Games
2022-01-17 17:00 - 2021-03-15 18:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-17 15:56 - 2021-12-12 13:24 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-01-17 13:00 - 2020-10-02 14:16 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-16 20:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-16 20:21 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-01-16 20:19 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-16 20:03 - 2020-10-02 14:02 - 000000000 ___RD C:\Users\kimbl\OneDrive
2022-01-16 20:02 - 2021-04-08 20:54 - 000003142 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2022-01-16 20:01 - 2021-03-15 18:32 - 001448810 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-16 20:01 - 2021-03-15 17:45 - 000484550 _____ C:\WINDOWS\system32\perfh011.dat
2022-01-16 20:01 - 2021-03-15 17:45 - 000132494 _____ C:\WINDOWS\system32\perfc011.dat
2022-01-16 20:01 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-16 19:57 - 2021-03-15 18:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-16 19:56 - 2021-03-15 18:23 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-16 19:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-01-16 07:15 - 2020-10-04 13:40 - 000000000 ____D C:\Users\kimbl\AppData\Local\CrashDumps
2022-01-16 06:13 - 2021-04-28 20:26 - 000000000 ____D C:\Users\kimbl\AppData\Roaming\Spotify
2022-01-16 04:41 - 2021-04-28 20:28 - 000000000 ____D C:\Users\kimbl\AppData\Local\Spotify
2022-01-15 10:38 - 2020-10-05 19:38 - 000000000 ____D C:\Users\kimbl\AppData\Roaming\DS4Windows
2022-01-15 10:04 - 2020-10-11 20:17 - 000000000 ____D C:\Users\kimbl\AppData\Roaming\discord
2022-01-15 09:35 - 2020-10-11 20:17 - 000000000 ____D C:\Users\kimbl\AppData\Local\Discord
2022-01-15 07:57 - 2020-10-06 22:47 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-14 16:14 - 2021-01-03 18:21 - 000000000 ____D C:\Users\kimbl\AppData\Local\Battle.net
2022-01-14 16:14 - 2021-01-03 18:16 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-01-14 09:36 - 2021-12-12 20:19 - 000001171 _____ C:\Users\kimbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DS4Windows.lnk
2022-01-13 05:31 - 2020-10-02 14:18 - 000000000 ____D C:\Users\kimbl\AppData\Local\D3DSCache
2022-01-13 05:13 - 2021-03-15 17:55 - 000000000 ____D C:\Users\kimbl
2022-01-12 15:02 - 2021-12-10 20:10 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2495500486-3152582607-302041777-1002
2022-01-12 15:02 - 2021-03-15 18:28 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2495500486-3152582607-302041777-1002
2022-01-12 15:02 - 2021-03-15 17:55 - 000002379 _____ C:\Users\kimbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-12 14:58 - 2020-10-02 21:14 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2022-01-12 00:25 - 2021-03-15 18:23 - 000307280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-12 00:25 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-12 00:24 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-12 00:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-12 00:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-12 00:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-12 00:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-12 00:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-12 00:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-12 00:01 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-11 23:56 - 2020-10-02 21:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-11 23:54 - 2020-10-02 21:19 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-11 14:38 - 2020-10-02 14:08 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-08 05:16 - 2021-02-18 10:04 - 000000000 ____D C:\Users\kimbl\Documents\A mess
2022-01-03 04:57 - 2020-04-07 07:38 - 000000000 ____D C:\Users\kimbl\AppData\Local\Packages
2022-01-03 04:55 - 2020-10-10 20:23 - 000000000 ____D C:\Users\kimbl\AppData\Local\PlaceholderTileLogoFolder
2022-01-01 10:38 - 2020-10-02 14:16 - 000000000 ____D C:\Users\kimbl\AppData\Local\NVIDIA
2021-12-31 07:02 - 2020-03-03 12:06 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-12-30 22:15 - 2020-10-03 20:16 - 000000000 ____D C:\Program Files (x86)\Toy Heroes Online
2021-12-29 21:52 - 2021-12-08 22:09 - 000000000 ____D C:\Users\kimbl\AppData\Roaming\EasyAntiCheat
2021-12-24 04:55 - 2021-03-15 18:28 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-24 04:55 - 2021-03-15 18:28 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-24 04:54 - 2021-03-15 18:28 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-24 04:54 - 2021-03-15 18:28 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-24 04:54 - 2021-03-15 18:28 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-24 04:54 - 2021-03-15 18:28 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-24 04:54 - 2021-03-15 18:28 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-24 04:54 - 2021-03-15 18:28 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-24 04:54 - 2021-03-15 18:28 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-24 04:54 - 2020-10-02 14:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-12-24 04:54 - 2020-03-03 12:06 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-12-23 23:32 - 2020-11-26 16:20 - 000000000 ____D C:\Users\kimbl\Documents\Xenia
2021-12-23 15:04 - 2020-11-04 00:11 - 000000000 ____D C:\Users\kimbl\AppData\Local\User Data
2021-12-22 15:11 - 2020-11-23 21:22 - 000000000 ____D C:\Users\kimbl\AppData\Local\Roblox
2021-12-22 13:15 - 2020-11-23 21:22 - 000000000 ____D C:\Users\kimbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-12-21 15:28 - 2020-10-08 22:39 - 000000000 ____D C:\Users\kimbl\Documents\My Games
2021-12-19 11:19 - 2020-11-09 22:52 - 000000000 ____D C:\Users\kimbl\AppData\Local\EpicGamesLauncher
2021-12-19 11:19 - 2020-11-09 17:25 - 000000000 ____D C:\Program Files\Epic Games
2021-12-19 09:55 - 2020-10-02 14:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-12-19 09:54 - 2021-12-12 13:32 - 000000000 ___RD C:\Users\kimbl\Creative Cloud Files
2021-12-19 09:54 - 2021-03-25 20:14 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2021-12-18 14:23 - 2020-04-07 07:38 - 000000000 ____D C:\Users\kimbl\AppData\Roaming\Adobe

==================== Files in the root of some directories ========

2020-10-08 14:33 - 2020-10-08 14:33 - 000000015 _____ () C:\Users\kimbl\AppData\Roaming\obs-virtualcam.txt
2021-12-12 14:23 - 2021-12-12 14:23 - 000000000 _____ () C:\Users\kimbl\AppData\Local\oobelibMkey.log
2020-12-25 05:13 - 2021-08-24 23:14 - 000000051 _____ () C:\Users\kimbl\AppData\Local\steam_autocloud.vdf

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by kimbl (17-01-2022 19:04:02)
Running from C:\Users\kimbl\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) (2021-03-15 23:28:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2495500486-3152582607-302041777-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2495500486-3152582607-302041777-503 - Limited - Disabled)
Guest (S-1-5-21-2495500486-3152582607-302041777-501 - Limited - Disabled)
kimbl (S-1-5-21-2495500486-3152582607-302041777-1002 - Administrator - Enabled) => C:\Users\kimbl
WDAGUtilityAccount (S-1-5-21-2495500486-3152582607-302041777-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{19BDF435-8F4A-4AFC-80AE-AF007BD67A8E}) (Version: 4.18.5.4570 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{86b588ff-78bb-4251-85d5-56f2450b123a}) (Version: 4.14.2.4070 - Open Media LLC)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.0.788.2 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_0_2) (Version: 23.0.2.101 - Adobe Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.02 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.88 - Piriform)
Discord (HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\Flux) (Version: - f.lux Software LLC)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.66.5330 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.71 - Google LLC)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001080-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.80.1.1 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Marble Blast Gold (HKLM-x32\...\Marble Blast Gold) (Version: - )
Microsoft .NET Runtime - 5.0.12 (x64) (HKLM-x32\...\{5bd6ae15-bcab-4509-86af-c5dfc54b60d7}) (Version: 5.0.12.30622 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\OneDriveSetup.exe) (Version: 21.245.1128.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.12 (x64) (HKLM-x32\...\{ce8037d8-35f7-4142-ad18-23609ac5db17}) (Version: 5.0.12.30623 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
MSI Afterburner 4.6.4 (HKLM-x32\...\Afterburner) (Version: 4.6.4 - MSI Co., LTD)
MSI Kombustor 4.1.11.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D)
MSYS2 64bit (HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\{5255fd28-fcf1-4fd6-a94a-58ed86452acb}) (Version: 20210228 - The MSYS2 Developers)
NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 497.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 497.29 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.94 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.0.2 - OBS Project)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: 1.6.0 - PCSX2 Team)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PS Remote Play (HKLM-x32\...\{77FAB2DD-F7FB-41E5-AE39-F9C878736A58}) (Version: 4.5.0.08250 - Sony Interactive Entertainment Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.1215.121004 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8619 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.3.3 (HKLM-x32\...\RTSS) (Version: 7.3.3 - Unwinder)
Roblox Player for kimbl (HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\roblox-player) (Version: - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.46.448 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games)
Shotcut (HKLM-x32\...\Shotcut) (Version: 20.09.27 - Meltytech, LLC)
Slippi Launcher 1.6.5 (HKLM\...\6864321e-78ac-5f45-8ec5-314da299c62f) (Version: 1.6.5 - Jas Laferriere)
Sonic Robo Blast 2 v2.2 (HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\Sonic Robo Blast 2 v2.2_is1) (Version: 2.2.9 - Sonic Team Jr.)
Spotify (HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\Spotify) (Version: 1.1.76.447.g11f432d8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamElements OBS.Live (HKLM-x32\...\StreamElements OBS.Live) (Version: 20.6.24.635 - StreamElements)
SuperF4 (HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\SuperF4) (Version: 1.4 - Stefan Sundin)
Toy Heroes Online version 1.1.1.158 (HKLM-x32\...\{A7C5113C-0A14-432E-9F32-2A329683ECBC}_is1) (Version: 1.1.1.158 - EPT Media Switzerland)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\WinDirStat) (Version: - )
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-12-12] (Adobe Systems Incorporated)
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.85.0_x64__pwbj9vvecjh7j [2022-01-11] (Amazon Development Centre (London) Ltd)
Cinebench -> C:\Program Files\WindowsApps\MAXONComputerGmbH.Cinebench_23.2.0.0_x64__rsne5bsk8s7tj [2020-11-18] (MAXON Computer GmbH)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-07] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.60.43512.0_x64__8wekyb3d8bbwe [2021-12-23] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-12-31] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-03] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2020-10-02] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2495500486-3152582607-302041777-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-22E3C99A1F6A} -> [Creative Cloud Files] => C:\Users\kimbl\Creative Cloud Files [2021-12-12 13:32]
CustomCLSID: HKU\S-1-5-21-2495500486-3152582607-302041777-1002_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-2495500486-3152582607-302041777-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\nvshext.dll [2021-12-15] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-10-08 14:08 - 2021-10-05 20:30 - 126961152 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2020-10-08 14:08 - 2021-10-05 20:30 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2020-10-08 14:08 - 2021-10-05 20:30 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2021-09-24 05:03 - 2021-09-24 05:03 - 001230336 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoFoundation.dll
2021-09-24 05:03 - 2021-09-24 05:03 - 000207872 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoJSON.dll
2021-09-24 05:03 - 2021-09-24 05:03 - 000810496 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoNet.dll
2021-09-24 05:03 - 2021-09-24 05:03 - 000238592 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoNetSSLWin.dll
2021-09-24 05:03 - 2021-09-24 05:03 - 000335360 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoUtil.dll
2021-09-24 05:03 - 2021-09-24 05:03 - 000455168 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoXML.dll
2020-10-08 14:08 - 2021-10-05 20:30 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4110]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-11-07] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-07] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-2495500486-3152582607-302041777-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\kimbl\Pictures\Saved Pictures\wallhaven-8oky1j.jpg
DNS Servers: 192.168.0.1 - 205.171.3.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2495500486-3152582607-302041777-1002\...\StartupApproved\Run: => "f.lux"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5887C340-5E78-4AC2-828E-4D0E7DADAE59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS) [File not signed]
FirewallRules: [{7CDECAA0-3D65-4EB1-9252-0C484FA8DF32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS) [File not signed]
FirewallRules: [UDP Query User{7D652C51-9D21-4825-B680-3B5A6E03231A}C:\users\kimbl\appdata\roaming\slippi desktop app\dolphin\dolphin.exe] => (Allow) C:\users\kimbl\appdata\roaming\slippi desktop app\dolphin\dolphin.exe () [File not signed]
FirewallRules: [TCP Query User{BA200095-FB60-40F5-8D8E-EA186ADF5E95}C:\users\kimbl\appdata\roaming\slippi desktop app\dolphin\dolphin.exe] => (Allow) C:\users\kimbl\appdata\roaming\slippi desktop app\dolphin\dolphin.exe () [File not signed]
FirewallRules: [UDP Query User{79550BD6-2783-46BD-B841-6EFD84BCEEE6}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{1D030FD0-C9DA-47EA-B4F8-BB7891F0EAAE}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{7FF9C34E-3773-4FBC-8EFB-851FB9FD0832}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D7163EBA-2D03-4245-A77F-D9BCAC9AB719}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{AE38A989-DE04-41CC-B125-65A6647B4E5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{32E05758-52D9-4AFF-8299-5AEB404B12A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{58224467-1C47-4DAE-A213-DC4B601B3E4F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E3F385F8-8862-4CBB-90C2-72E51ECEFFD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A20C0BC2-F527-4E4B-8F25-8468D2E9973A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A9BD5289-0B9B-4275-9000-950B0385443E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{0325885E-77F8-4E20-AEF6-FAED6CA8CCEC}C:\users\kimbl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kimbl\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{AA34D85D-9CF5-46C4-8E5B-83B26272A76A}C:\users\kimbl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kimbl\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1AC19852-F294-43BB-8775-CF1A366189D3}] => (Allow) X:\SteamLibrary\steamapps\common\DB Xenoverse 2\START.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{C4C505B2-557D-4A9D-8591-F1A1795A14BC}] => (Allow) X:\SteamLibrary\steamapps\common\DB Xenoverse 2\START.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{4C119CF5-C09E-4295-A7B2-7C50227B2569}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Adventure DX\AppLauncher.exe () [File not signed]
FirewallRules: [{2EBEBBEB-1EB7-4A38-9E84-7C8FE9DEB2D7}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Adventure DX\AppLauncher.exe () [File not signed]
FirewallRules: [{806A7207-C8E2-4750-A0B8-5598DCEA0770}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe (SEGA EUROPE LIMITED -> )
FirewallRules: [{25029BBE-71C9-48C4-A4A5-19D1CE51A8F1}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe (SEGA EUROPE LIMITED -> )
FirewallRules: [{0798F8A9-30F4-46AC-BCDA-67989247AF15}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe (SEGA EUROPE LIMITED -> )
FirewallRules: [{213335B3-7111-4584-9CCC-0C28D8A860A8}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe (SEGA EUROPE LIMITED -> )
FirewallRules: [{C8ABFC8E-D366-4174-B970-404CF1094AB2}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Adventure 2\Launcher.exe () [File not signed]
FirewallRules: [{4D076DB4-4E92-4774-A95D-5C2AC0BCA71B}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Adventure 2\Launcher.exe () [File not signed]
FirewallRules: [TCP Query User{9A67048B-834D-44B1-8314-F5C448C67663}X:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) X:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{F30DB37B-CC66-4CD5-B1F9-649235CECBC2}X:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) X:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{CE4CF1B8-2247-4C74-B744-CC8E2F0379D0}X:\call of duty modern warfare\modernwarfare.exe] => (Allow) X:\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{134ADB3B-53FD-40A5-B1CB-E2F2D2383270}X:\call of duty modern warfare\modernwarfare.exe] => (Allow) X:\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{411BE2DF-77D0-407A-B616-739CB44A2AD9}X:\emulators\dolphin\melee netplay\dolphin.exe] => (Allow) X:\emulators\dolphin\melee netplay\dolphin.exe () [File not signed]
FirewallRules: [UDP Query User{D60BB95A-F43B-440F-84D2-C9662E4CC7C7}X:\emulators\dolphin\melee netplay\dolphin.exe] => (Allow) X:\emulators\dolphin\melee netplay\dolphin.exe () [File not signed]
FirewallRules: [TCP Query User{EA96668D-4FFA-4611-858B-1E3B8452E589}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{0F22C3FE-1516-44ED-875A-6AF917AF502E}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{2441E37D-3ED4-4949-999D-FAB040A71AEF}] => (Allow) C:\Program Files (x86)\Sony\PS Remote Play\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.)
FirewallRules: [{C8999EE6-A9D7-4448-AE17-508E6C55D703}] => (Allow) X:\SteamLibrary\steamapps\common\[NINJA GAIDEN Master Collection] NINJA GAIDEN Σ\NINJA GAIDEN SIGMA.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{0A243C68-A40A-4D55-BCF4-08ECB736AB00}] => (Allow) X:\SteamLibrary\steamapps\common\[NINJA GAIDEN Master Collection] NINJA GAIDEN Σ\NINJA GAIDEN SIGMA.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{5F3DBC22-DC71-432E-9CB4-3474C63D7C79}] => (Allow) X:\SteamLibrary\steamapps\common\[NINJA GAIDEN Master Collection] NINJA GAIDEN Σ2\NINJA GAIDEN SIGMA2.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{B2618ED8-9325-4659-ACB0-F7D387E21AE0}] => (Allow) X:\SteamLibrary\steamapps\common\[NINJA GAIDEN Master Collection] NINJA GAIDEN Σ2\NINJA GAIDEN SIGMA2.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [TCP Query User{82660469-4615-4A69-B324-56C86F6D7C56}X:\emulators\ps3\rpcs3.exe] => (Allow) X:\emulators\ps3\rpcs3.exe () [File not signed]
FirewallRules: [UDP Query User{5D5572E3-9FC9-4F98-93AA-04B11A3AFF3C}X:\emulators\ps3\rpcs3.exe] => (Allow) X:\emulators\ps3\rpcs3.exe () [File not signed]
FirewallRules: [TCP Query User{76CB6811-0572-44F8-964E-1676053EEE30}C:\users\kimbl\desktop\games\sonic battle r protov3-0.6.43\sonic battle r.exe] => (Allow) C:\users\kimbl\desktop\games\sonic battle r protov3-0.6.43\sonic battle r.exe => No File
FirewallRules: [UDP Query User{046492AB-064F-45F4-9D10-173948C64213}C:\users\kimbl\desktop\games\sonic battle r protov3-0.6.43\sonic battle r.exe] => (Allow) C:\users\kimbl\desktop\games\sonic battle r protov3-0.6.43\sonic battle r.exe => No File
FirewallRules: [{E935A08B-EF6B-4B02-847C-EA23AD7E7439}] => (Allow) X:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{0AF6AF0E-8CE2-4452-AEEF-929210476288}] => (Allow) X:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{75D39F58-AB53-48D5-AB8F-1560AAF74793}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{479AABF6-DE00-4C8F-A68D-3C0AFD0C9853}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{69592050-57DC-4A5F-8B28-6D445E99B354}] => (Allow) X:\SteamLibrary\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed]
FirewallRules: [{5B3218B6-64F5-4B2D-8913-12EA8C2E01A8}] => (Allow) X:\SteamLibrary\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed]
FirewallRules: [{9D28D230-AF03-4B9B-B3B7-0C59FD829BF5}] => (Allow) X:\SteamLibrary\steamapps\common\DRAGON BALL FighterZ\DBFighterZ.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{655FC72B-5D13-4CE8-90FB-25F81A1E3404}] => (Allow) X:\SteamLibrary\steamapps\common\DRAGON BALL FighterZ\DBFighterZ.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{27EA94B9-40FC-45C4-BA63-03239691A315}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{31A1F9AB-F230-4530-A579-A126C896ADA4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC2864C8-6667-46BE-97D6-D5710403A36A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A2F1C9A6-AFA3-450E-9E5C-D80D78CAE31B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B3605A66-317C-43E9-9088-32D8D68EA8E5}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe () [File not signed]
FirewallRules: [{2A74F18B-D9AD-4629-A2FD-07005D15381B}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe () [File not signed]
FirewallRules: [{559752F7-4769-440C-B176-86C609483B57}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Generations\SonicGenerations.exe (Sega Europe Limited -> SEGA)
FirewallRules: [{F922F089-C686-4B90-A278-5538314AB01C}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Generations\SonicGenerations.exe (Sega Europe Limited -> SEGA)
FirewallRules: [{CF20E37D-9136-4374-B205-022670A24A0C}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Generations\ConfigurationTool.exe (SEGA) [File not signed]
FirewallRules: [{DA54E31E-E943-4F6E-AEB7-6F335E2EE1E6}] => (Allow) X:\SteamLibrary\steamapps\common\Sonic Generations\ConfigurationTool.exe (SEGA) [File not signed]
FirewallRules: [{A89D8253-3889-4B7D-995F-EDFDD4216692}] => (Allow) X:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{09F5609C-F470-435F-92BD-D43BCE234A96}] => (Allow) X:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{982DC97E-B1A0-4845-937D-1EC088BD07EB}] => (Allow) X:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{C74B17DE-18CE-4F48-B210-912DF88EACBE}] => (Allow) X:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{E53AB0BD-847A-463C-AE6D-4BB846B7A503}X:\steamlibrary\steamapps\common\tmodloader\tmodloaderserver.exe] => (Allow) X:\steamlibrary\steamapps\common\tmodloader\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{BC1781B7-0C81-411A-8B34-14834F101C40}X:\steamlibrary\steamapps\common\tmodloader\tmodloaderserver.exe] => (Allow) X:\steamlibrary\steamapps\common\tmodloader\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [{948CE55D-46D4-4BC5-A411-F70C033D479B}] => (Allow) X:\SteamLibrary\steamapps\common\Sega Classics\SEGAGameRoom.exe () [File not signed]
FirewallRules: [{32A35024-2C6A-4DC8-984A-84722B0FAAD9}] => (Allow) X:\SteamLibrary\steamapps\common\Sega Classics\SEGAGameRoom.exe () [File not signed]
FirewallRules: [{F53181AB-5D18-41E4-89AA-59EDE5EB89B4}] => (Allow) X:\SteamLibrary\steamapps\common\Sega Classics\SEGAGenesisClassics.exe (Sega Europe Limited -> )
FirewallRules: [{FC058E10-90DA-4D02-A342-FF14F33F5F9A}] => (Allow) X:\SteamLibrary\steamapps\common\Sega Classics\SEGAGenesisClassics.exe (Sega Europe Limited -> )
FirewallRules: [{D4526531-815A-47A5-B6C5-D972FE2AF74A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ED52CA1D-1248-4C1A-87CB-DFA792293566}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F26A8869-17CF-4B8E-9574-F74DA53BC815}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{73FD663C-B79E-446B-A2AA-8BBEBBA00000}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{C682C16B-C21B-42CC-95BF-3E1FCBF5CD66}] => (Allow) X:\SteamLibrary\steamapps\common\Black Desert Online\BlackDesertLauncher.exe (Pearl abyss Corp -> Pearlabyss)
FirewallRules: [{D3F57928-4386-4989-A77E-6119D719CCFE}] => (Allow) X:\SteamLibrary\steamapps\common\Black Desert Online\BlackDesertLauncher.exe (Pearl abyss Corp -> Pearlabyss)
FirewallRules: [{A7AFE3D8-1FC6-4917-9F8F-19638CB4D1D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{F992E53A-79E4-48DE-B850-FA402C01B9A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{E897DE56-FF90-4A61-A8D4-2ED8AA787A82}] => (Allow) X:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe (Team Psykskallar) [File not signed]
FirewallRules: [{74ADF81C-9BA0-4B5C-B2B4-30F133C5AAC6}] => (Allow) X:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe (Team Psykskallar) [File not signed]
FirewallRules: [TCP Query User{1444239D-E1BE-4D62-95BA-B168AB5FE52D}X:\steamlibrary\steamapps\common\cry of fear\cof.exe] => (Block) X:\steamlibrary\steamapps\common\cry of fear\cof.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{BCE4AD2C-B3E6-4545-840F-77AA54142A50}X:\steamlibrary\steamapps\common\cry of fear\cof.exe] => (Block) X:\steamlibrary\steamapps\common\cry of fear\cof.exe (Valve) [File not signed]
FirewallRules: [{0700E7C4-06C4-4E9A-95CF-D74C219131E7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

09-01-2022 03:58:41 Scheduled Checkpoint
09-01-2022 18:39:26 Installed LogMeIn Hamachi
11-01-2022 23:56:08 Windows Modules Installer
11-01-2022 23:56:29 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: HID-compliant headset
Description: HID-compliant headset
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/16/2022 07:16:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 5.88.0.9346, time stamp: 0x61afafe8
Faulting module name: CCleaner64.exe, version: 5.88.0.9346, time stamp: 0x61afafe8
Exception code: 0xc0000005
Fault offset: 0x00000000000c1a64
Faulting process id: 0x3f8c
Faulting application start time: 0x01d80b378398195a
Faulting application path: C:\Program Files\CCleaner\CCleaner64.exe
Faulting module path: C:\Program Files\CCleaner\CCleaner64.exe
Report Id: 24b231f3-4d80-45fc-9c02-170ee4cbcb8f
Faulting package full name:
Faulting package-relative application ID:

Error: (01/16/2022 07:14:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RED-Win64-Shipping.exe, version: 4.17.2.0, time stamp: 0x6128b994
Faulting module name: RED-Win64-Shipping.exe, version: 4.17.2.0, time stamp: 0x6128b994
Exception code: 0xc0000005
Fault offset: 0x000000000020d2fc
Faulting process id: 0x3e10
Faulting application start time: 0x01d80ad2114e098c
Faulting application path: X:\SteamLibrary\steamapps\common\DRAGON BALL FighterZ\RED\Binaries\Win64\RED-Win64-Shipping.exe
Faulting module path: X:\SteamLibrary\steamapps\common\DRAGON BALL FighterZ\RED\Binaries\Win64\RED-Win64-Shipping.exe
Report Id: 502d3280-2dbf-4ad8-9888-90776a4e9dba
Faulting package full name:
Faulting package-relative application ID:

Error: (01/12/2022 02:58:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: THXService.exe, version: 1.0.0.1, time stamp: 0x5d81b8c9
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp: 0xe2f8ca76
Exception code: 0xc0000374
Fault offset: 0x00000000000ff199
Faulting process id: 0x11b8
Faulting application start time: 0x01d807ee9cc4f675
Faulting application path: C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 05441b41-0c07-4db0-9466-0199bba0c946
Faulting package full name:
Faulting package-relative application ID:

Error: (01/12/2022 12:24:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Synapse Service Process.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
at System.IO.__Error.FileNotOpen()
at System.IO.FileStream.Flush(Boolean)
at System.IO.FileStream.Flush()
at System.IO.StreamWriter.Flush(Boolean, Boolean)
at System.IO.StreamWriter.Flush()
at Microsoft.VisualBasic.Logging.FileLogTraceListener+ReferencedStream.CloseStream()
at Microsoft.VisualBasic.Logging.FileLogTraceListener.CloseCurrentStream()
at Microsoft.VisualBasic.Logging.FileLogTraceListener.WriteLine(System.String)
at Synapse3.UserInteractive.SynapseProcessListener.WriteLine(System.String)
at Microsoft.VisualBasic.Logging.FileLogTraceListener.TraceEvent(System.Diagnostics.TraceEventCache, System.String, System.Diagnostics.TraceEventType, Int32, System.String)
at System.Diagnostics.TraceInternal.TraceEvent(System.Diagnostics.TraceEventType, Int32, System.String, System.Object[])
at Synapse3.UserInteractive.DeviceDetectionHandler.Stop()
at Synapse3.UserInteractive.DeviceDetectionHandler.Finalize()

Error: (01/11/2022 08:03:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete slab consolidation on Maloko (X:) because: The slab consolidation operation was aborted because an insufficient number of slabs could be reclaimed (based on the limits specified in the registry). (0x89000028)

Error: (01/09/2022 06:39:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cof.exe, version: 1.1.1.1, time stamp: 0x48feaf5a
Faulting module name: crashhandler.dll, version: 6.96.74.78, time stamp: 0x61bbc018
Exception code: 0xc0000409
Fault offset: 0x0002b241
Faulting process id: 0x3244
Faulting application start time: 0x01d805b1b3f631a0
Faulting application path: X:\SteamLibrary\steamapps\common\Cry of Fear\cof.exe
Faulting module path: C:\Program Files (x86)\Steam\crashhandler.dll
Report Id: fccd87bc-f545-4272-98ed-8e5b3674ec73
Faulting package full name:
Faulting package-relative application ID:

Error: (01/09/2022 03:01:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RED-Win64-Shipping.exe, version: 4.17.2.0, time stamp: 0x6128b994
Faulting module name: RED-Win64-Shipping.exe, version: 4.17.2.0, time stamp: 0x6128b994
Exception code: 0xc0000005
Fault offset: 0x000000000020d2fc
Faulting process id: 0x383c
Faulting application start time: 0x01d8052dac13c7e4
Faulting application path: X:\SteamLibrary\steamapps\common\DRAGON BALL FighterZ\RED\Binaries\Win64\RED-Win64-Shipping.exe
Faulting module path: X:\SteamLibrary\steamapps\common\DRAGON BALL FighterZ\RED\Binaries\Win64\RED-Win64-Shipping.exe
Report Id: 94e88153-7c41-4255-994f-8a89b82c4e70
Faulting package full name:
Faulting package-relative application ID:

Error: (01/09/2022 02:49:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RED-Win64-Shipping.exe, version: 4.17.2.0, time stamp: 0x6128b994
Faulting module name: steamclient64.dll, version: 6.96.74.78, time stamp: 0x61bbc0a9
Exception code: 0xc0000005
Fault offset: 0x00000000006e5d45
Faulting process id: 0xe5c
Faulting application start time: 0x01d8052c8f28e809
Faulting application path: X:\SteamLibrary\steamapps\common\DRAGON BALL FighterZ\RED\Binaries\Win64\RED-Win64-Shipping.exe
Faulting module path: C:\Program Files (x86)\Steam\steamclient64.dll
Report Id: 07b6361a-832d-493a-92cd-159c3a13491c
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/16/2022 07:58:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.

Error: (01/16/2022 07:57:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:28:03 PM on ‎1/‎16/‎2022 was unexpected.

Error: (01/14/2022 07:55:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:33:11 PM on ‎1/‎13/‎2022 was unexpected.

Error: (01/13/2022 05:12:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.

Error: (01/13/2022 05:12:23 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:37:20 AM on ‎1/‎13/‎2022 was unexpected.

Error: (01/12/2022 02:58:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The THXService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/12/2022 02:57:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.

Error: (01/12/2022 02:57:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:25:49 AM on ‎1/‎12/‎2022 was unexpected.


Windows Defender:
================
Date: 2022-01-16 17:39:02
Description:
Microsoft Defender Antivirus スキャンは完了する前に停止しました。
スキャン ID: {781D3549-5DFC-4551-9960-AFA99CBBAEC4}
スキャンの種類: Antimalware
スキャン パラメーター: Quick Scan
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-01-13 05:29:15
Description:
Microsoft Defender Antivirus でマルウェアまたは他の望ましくない可能性のあるソフトウェアが検出されました。
詳細については、次を参照してください:
名前: Trojan:Win32/Choziosi.A
重大度: Severe
カテゴリ: Trojan
パス: file:_C:\Users\kimbl\AppData\Local\chrome\conf.js
検出元の場所: Local machine
検出の種類: Concrete
検出元: Real-Time Protection
ユーザー: DESKTOP-LPDRFGB\kimbl
プロセス名: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
セキュリティ インテリジェンスのバージョン: AV: 1.355.1831.0, AS: 1.355.1831.0, NIS: 1.355.1831.0
エンジンのバージョン: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-11 21:16:50
Description:
Microsoft Defender Antivirus スキャンは完了する前に停止しました。
スキャン ID: {D9ECA314-46F8-485E-83E0-0DA27BDD3C9F}
スキャンの種類: Antimalware
スキャン パラメーター: Quick Scan
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-01-11 20:03:20
Description:
Microsoft Defender Antivirus スキャンは完了する前に停止しました。
スキャン ID: {B7F2EB6F-602A-476D-87F1-37627E7D8D2E}
スキャンの種類: Antimalware
スキャン パラメーター: Quick Scan
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-01-01 11:18:19
Description:
Microsoft Defender Antivirus スキャンは完了する前に停止しました。
スキャン ID: {657E7282-4EFE-46A5-B39A-8BD30B36F4AF}
スキャンの種類: Antimalware
スキャン パラメーター: Quick Scan
ユーザー: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2022-01-16 20:08:09
Description:
Microsoft Defender Antivirus でセキュリティ インテリジェンスを更新しようとしてエラーが発生しました。
新しいセキュリティ インテリジェンスのバージョン:
以前のセキュリティ インテリジェンスのバージョン: 1.355.2019.0
更新元: Microsoft Update Server
セキュリティ インテリジェンスの種類: AntiVirus
更新の種類: Full
ユーザー: NT AUTHORITY\SYSTEM
現在のエンジンのバージョン:
以前のエンジンのバージョン: 1.1.18800.4
エラー コード: 0x80240438
エラーの説明: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===============
Date: 2022-01-02 21:12:16
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\NvCamera\NvCameraAllowlisting64.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-12-04 08:51:41
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-12-04 08:51:41
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\NvCamera\NvCameraAllowlisting64.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-11-01 16:50:27
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\kimbl\Downloads\BT-22.80.1-64-Win10-Win11.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.70 12/17/2019
Motherboard: ASRock B450M/ac
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 40%
Total physical RAM: 16313.87 MB
Available physical RAM: 9646.34 MB
Total Virtual: 18745.87 MB
Available Virtual: 8558.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.13 GB) (Free:230.82 GB) NTFS
Drive x: (Maloko) (Fixed) (Total:1023.87 GB) (Free:644.47 GB) NTFS

\\?\Volume{f67417a9-3877-4f5c-9a1a-63bedc7fdd08}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{45410b06-3e22-420a-a143-9fde3079b53b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 22770D4A)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End of Addition.txt =======================
 
While I go over the logs please do the following.

  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
  • Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please copy and paste the contents of that log into your next reply to me
HijackThis.


1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy and paste the log here.
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-17-2022
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1419 octets] - [17/01/2022 19:22:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-17-2022
# Duration: 00:00:06
# OS: Windows 10 Home
# Scanned: 32026
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:30:50 PM, on 1/17/2022
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.1202)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
C:\WINDOWS\SysWOW64\DllHost.exe
C:\Users\kimbl\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.62\BHO\ie_to_edge_bho.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe CCXProcess] C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [OneDrive] "C:\Users\kimbl\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Synapse3] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized
O4 - HKCU\..\Run: [Spotify] C:\Users\kimbl\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
O4 - HKCU\..\Run: [f.lux] "C:\Users\kimbl\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Synapse3] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Synapse3] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: AdobeUpdateService - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_b8f0d - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - Epic Games, Inc - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA FrameView SDK service (FvSvc) - NVIDIA - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: @oem73.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Razer Chroma SDK Server - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
O23 - Service: Razer Chroma SDK Service - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
O23 - Service: Razer Chroma Stream Server - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
O23 - Service: Razer Game Manager (Razer Game Manager Service) - Razer Inc - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
O23 - Service: Razer Synapse Service - Razer Inc. - C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
O23 - Service: Rockstar Game Library Service (Rockstar Service) - Rockstar Games - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\WINDOWS\System32\RtkAudUService64.exe (file missing)
O23 - Service: Razer Central Service (RzActionSvc) - Razer Inc. - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @oem50.inf,%ss_conn_launcher.SvcDesc%;SAMSUNG Mobile USB Connectivity Launcher (ss_conn_launcher_service) - Unknown owner - C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: THXService - THX - C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10665 bytes
 
That is the incorrect version of HijackThis.
Please download from the link below.


FRST Fix.


Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.zip
    1.3 KB · Views: 10
For some reason the fixlist is not attaching to the message.


Copy the text below and save it as fixlist.txt to your desktop.
Run FRST.exe and click the Fix button.


Start::
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-11] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {7217B365-123A-4D3B-9950-F8DA46D8C5ED} - System32\Tasks\ChromeLoader => cmd /c start /min "" powershell -ExecutionPolicy Bypass -WindowStyle Hidden -E JABlAHgAdABQAGEAdABoACAAPQAgACIAJAAoACQAZQBuAHYAOgBMAE8AQwBBAEwAQQBQAFAARABBAFQAQQApAFwAYwBoAHIAbwBtAGUAIgAKACQAYwBvAG4AZgBQAGEAdABoACAAPQAgACIAJABlAHgAdABQAGEAdABoAFwAYwBvAG4AZgAuAGoAcwAiAAoAJABhAHIAYwBoAGkAdgBlAE4AYQBtAGUAI (the data entry has 4315 more characters). <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\ChromeLoader
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4110]
FirewallRules: [TCP Query User{9A67048B-834D-44B1-8314-F5C448C67663}X:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) X:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{F30DB37B-CC66-4CD5-B1F9-649235CECBC2}X:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) X:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{76CB6811-0572-44F8-964E-1676053EEE30}C:\users\kimbl\desktop\games\sonic battle r protov3-0.6.43\sonic battle r.exe] => (Allow) C:\users\kimbl\desktop\games\sonic battle r protov3-0.6.43\sonic battle r.exe => No File
FirewallRules: [UDP Query User{046492AB-064F-45F4-9D10-173948C64213}C:\users\kimbl\desktop\games\sonic battle r protov3-0.6.43\sonic battle r.exe] => (Allow) C:\users\kimbl\desktop\games\sonic battle r protov3-0.6.43\sonic battle r.exe => No File
EmptyTemp:
Reboot:
End::
 