dragokas / hijackthis

A free utility that finds malware, adware and other security threats
http://hjt.sf.net
GNU General Public License v2.0
703 stars 112 forks

Possible Malware or virus I'm not sure I've tried and tried so I'm finally asking for help #252

Closed nikkimarie31 closed 3 months ago

nikkimarie31 commented 5 months ago

CollectionLog-2024.06.20-09.02.zip

dragokas commented 5 months ago

Hi, thank you for the log.

We'll return to you as soon as possible.

Meanwhile, please describe in detail what signs of infection you noticed.


Please note that only members of the VIRUSNET-Association are allowed to respond to PC cure topics. Ignore any recommendations given by other users, including by PM!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in Guestbook.

Sandor-Helper commented 5 months ago

Hi, I do not see any obvious signs of infection so far. Waiting for your description. And please do these logs:

Please download Farbar Recovery Scan Tool (https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

nikkimarie31 commented 5 months ago

Thank you so much for helping me. After my son used my computer, I started getting random pop-ups without anything even being open. I would just shut everything down with the task manager and then all of a sudden multiple ads would pop up. I thought I had stopped them by uninstalling some applications I didn't recognize, and then another one popped up the other day while I was working on my computer. I attached the two files you requested. Thank you again for your time.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.06.2024
Ran by nikkimarie (administrator) on DESKTOP-EI2OC1S (Dell Inc. XPS 13 9370) (23-06-2024 09:39:28)
Running from C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\FRST64.exe
Loaded Profiles: nikkimarie
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4529 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Git\bin\bash.exe ->) (Johannes Schindelin -> ) C:\Program Files\Git\usr\bin\bash.exe <2>
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.612.100_x64__8wekyb3d8bbwe\olk.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe <7>
(C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\dotnet\PlariumPlay.NetHost.exe ->) (Plarium Global LTD -> PlariumPlayInfo) C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\dotnet\info\PlariumPlayInfo.exe
(C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\PlariumPlay.exe ->) (Plarium Global LTD -> PlariumPlay.NetHost) C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\dotnet\PlariumPlay.NetHost.exe
(C:\Users\nikkimarie\AppData\Local\Programs\Microsoft VS Code\Code.exe ->) (Johannes Schindelin -> The Git Development Community) C:\Program Files\Git\bin\bash.exe <2>
(DriverStore\FileRepository\cui_dch.inf_amd64_01c7e148055ac0fe\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_01c7e148055ac0fe\igfxEM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\nikkimarie\AppData\Local\Programs\Microsoft VS Code\Code.exe <22>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <40>
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\nikkimarie\AppData\Local\Microsoft\OneDrive\24.111.0602.0003\FileCoAuth.exe
(MONGODB, INC. -> MongoDB Inc) C:\Users\nikkimarie\AppData\Local\MongoDBCompass\app-1.43.1\MongoDBCompass.exe <6>
(Plarium Global LTD -> GitHub, Inc.) C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\PlariumPlay.exe <6>
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_01c7e148055ac0fe\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_e192e6f3fb1cfc71\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_1b99d7afd85e5c44\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_58ee72dee7989949\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_58ee72dee7989949\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fafb1d329fdfe2c6\aesm_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (MongoDB, Inc) [File not signed] C:\Program Files\MongoDB\Server\7.0\bin\mongod.exe
(services.exe ->) (Plarium Global LTD -> PlariumPlayClientService) C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\PlariumPlayClientService\PlariumPlayClientService.exe
(services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.612.100_x64__8wekyb3d8bbwe\olk.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.14326.21886.0_x64__8wekyb3d8bbwe\onenoteim.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\Run: [MicrosoftEdgeAutoLaunch_19B8F90E700754DAD91D3C80608083BA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3883560 2024-06-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\nikkimarie\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\nikkimarie\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\RunOnce: [Uninstall 24.108.0528.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\nikkimarie\AppData\Local\Microsoft\OneDrive\24.108.0528.0005" [0 2024-06-21] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.63\Installer\chrmstp.exe [2024-06-20] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {A5FAAC84-2D85-463F-A764-95A1FF81658D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [964936 2024-04-25] (Dell Technologies Inc. -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {093B4D3D-E406-4600-B5EE-9A6A9E8206F5} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{AFCE3E8C-3449-49FF-873F-D82B79AC6C41} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {117FCE63-BBC7-438B-B82B-845E75B0B9F3} - System32\Tasks\Intel\Intel® Management and Security Status => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [235208 2022-01-27] (Intel Corporation -> Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
Task: {8C341DCA-0718-4525-97BA-0A86C30A1C73} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4916640 2024-04-15] (Intel Corporation -> Intel Corporation)
Task: {8DB92736-55C3-4879-9516-73108DE31C03} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4916640 2024-04-15] (Intel Corporation -> Intel Corporation)
Task: {68532D9E-63AC-4E9D-8561-AA24ADA771B0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {CDC883AD-CD83-47F5-BF26-0096606C2701} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5E69851-26FE-4580-91C9-2336B8F3FFE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B761786-11FB-461E-BE46-0719915A75FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5E8D05D-398A-4060-9692-30876F4DDC80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5A4BC2B-D94B-4F57-8BB2-F7BDA4467423} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {7194F705-B280-4F06-BD96-52C8EEA8068A} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3710519103-3053279781-354438042-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {DE350198-44FC-4E0B-9F6B-EBE4B7359595} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-05-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {D7BD6EFE-FE1A-400C-BD53-C020BA20FDA5} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {2B0F2389-3875-410B-8EB4-F33852A99576} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [170496 2023-10-12] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}: [DhcpDomain] hsd1.wa.comcast.net
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\0525544545950264C4950264F42502140275946494: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\0525544545950264C4950264F42502140275946494: [DhcpDomain] hsd1.wa.comcast.net
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\3545542525544545: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\3545542525544545: [DhcpDomain] hsd1.wa.comcast.net
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\3554859502143535022494453484: [DhcpNameServer] 192.168.95.20
Tcpip\..\Interfaces\{d11ed3bf-5ff3-4d63-9239-559d000e7a6a}\65562796A7F6E6D2D496649683830303C4D223246303: [DhcpNameServer] 192.168.1.1

Edge:

Edge DefaultProfile: Default
Edge Profile: C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-23]
Edge Notifications: Default -> hxxps://web.snapchat.com
Edge Extension: (Norton Safe Web) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2024-04-14]
Edge Extension: (Save to Pinterest) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkgoflemacdadndiohhdnphcmdhacabg [2024-06-06]
Edge Extension: (Jasper Everywhere Extension) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bpiohchncadidhohcajcnoelomephkdd [2024-05-13]
Edge Extension: (DuckDuckGo) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-06-18]
Edge Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dimaiidfpngchbbfimkikgnicmibignd [2024-02-17]
Edge Extension: (MetaMask) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2024-03-22]
Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-18]
Edge Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-18]
Edge Extension: (Microsoft Power Automate (Legacy)) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gjgfobnenmnljakmhboildkafdkicala [2024-02-17]
Edge Extension: (React Developer Tools) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gpphkfbcpidddadnkolkpfckpihlkkil [2024-05-16]
Edge Extension: (Bublup) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jafhgdpkjmgdgpdajnhfgijphegkmchl [2024-02-17]
Edge Extension: (Edge relevant text changes) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-17]
Edge Extension: (html.to.design) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ldnheaepmnmbjjjahokphckbpgciiaed [2024-06-18]
Edge Extension: (Microsoft Rewards) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlbmdekgjkajiobkcbpolefohlelfhfe [2024-06-06]
Edge Extension: (Redux DevTools) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nnkgneoiohoecpdiaponcejilbhhikei [2024-02-17]
Edge Extension: (UserTesting Browser Recorder) - C:\Users\nikkimarie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\onlhphabpmijgblopkcjmphbbmeliagn [2024-06-06]

FireFox:

FF DefaultProfile: cy115v33.default
FF ProfilePath: C:\Users\nikkimarie\AppData\Roaming\Mozilla\Firefox\Profiles\cy115v33.default [2024-02-19]
FF ProfilePath: C:\Users\nikkimarie\AppData\Roaming\Mozilla\Firefox\Profiles\z4okkfz8.default-release [2024-05-29]
FF Notifications: Mozilla\Firefox\Profiles\z4okkfz8.default-release -> hxxps://teams.microsoft.com

Chrome:

CHR DefaultProfile: Default
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default [2024-06-23]
CHR Notifications: Default -> hxxps://mail.google.com
CHR Extension: (DuckDuckGo) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-06-18]
CHR Extension: (Bublup) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbfllaanijkpjgnolhfhephemiccnacj [2024-02-20]
CHR Extension: (Microsoft Bing Search with Rewards) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2024-05-30]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-20]
CHR Extension: (React Developer Tools) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2024-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-23]
CHR Extension: (Microsoft Power Automate (Legacy)) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgfobnenmnljakmhboildkafdkicala [2024-02-20]
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2024-05-18]
CHR Extension: (Save to Pinterest) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-06-22]
CHR Extension: (Google Play) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2024-02-20]
CHR Extension: (Vercel) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahhiofdgnbcgmemekkmjnpifojdaelb [2024-06-20]
CHR Extension: (html.to.design) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnheaepmnmbjjjahokphckbpgciiaed [2024-06-18]
CHR Extension: (Redux DevTools) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmhkpmbekcpmknklioeibfkpmmfibljd [2024-02-20]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-06-18]
CHR Extension: (MetaMask) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-20]
CHR Extension: (UserTesting Browser Recorder) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlhphabpmijgblopkcjmphbbmeliagn [2024-06-06]
CHR Extension: (Material Theme Dark [blue-grey]) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoafodbgcjnmijjepmpgnlhnogaahme [2024-02-20]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-11]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-06-06]
CHR Notifications: Profile 2 -> hxxps://mail.google.com; hxxps://www.facebook.com
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-16]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-06-06]
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-05-06]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-05-12]
CHR Profile: C:\Users\nikkimarie\AppData\Local\Google\Chrome\User Data\System Profile [2024-06-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15689512 2024-03-06] (BattlEye Innovations e.K. -> )
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458128 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [159632 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481680 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-12-13] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-12-11] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [159664 2023-12-22] (Dell Technologies Inc. -> Dell)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2024-05-02] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [290568 2024-05-02] (Intel Corporation -> Intel)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2024-02-20] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73480 2021-05-31] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1775392 2021-05-31] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2663208 2021-05-31] (Rivet Networks LLC -> Rivet Networks)
S3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73496 2021-05-31] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MongoDB; C:\Program Files\MongoDB\Server\7.0\bin\mongod.exe [66431488 2024-05-21] (MongoDB, Inc) [File not signed]
R2 Plarium Play Client Service; C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.4.0-0.0.0\PlariumPlayClientService\PlariumPlayClientService.exe [200520 2024-06-18] (Plarium Global LTD -> PlariumPlayClientService)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [197336 2021-06-15] (Qualcomm Atheros, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [159048 2024-04-25] (Dell Technologies Inc. -> Dell Inc.)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [807352 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 hostpacket; C:\Windows\System32\drivers\hostpacket.sys [38472 2023-08-15] (Microsoft Windows Hardware Compatibility Publisher -> GEARUP PORTAL PTE. LTD.)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [184400 2021-05-31] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 MpKsl7d942949; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0E2B6E7-D798-4805-ACE7-8309DAB4AE9C}\MpKslDrv.sys [271648 2024-06-21] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [69984 2024-01-18] (WDKTestCert Nmap,133147429230506937 -> Insecure.Com LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [76832 2022-09-30] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [254664 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [265536 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1064064 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-06-12] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-23 09:39 - 2024-06-23 09:40 - 000032929 C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\FRST.txt
2024-06-23 09:39 - 2024-06-23 09:40 - 000000000 ____D C:\FRST
2024-06-23 09:39 - 2024-06-23 09:39 - 002395648 (Farbar) C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\FRST64.exe
2024-06-22 02:54 - 2024-06-22 03:15 - 000000000 D C:\Users\nikkimarie\AppData\Roaming\MongoDB Compass
2024-06-22 02:54 - 2024-06-22 02:54 - 000002431 C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\MongoDBCompass.lnk
2024-06-22 02:54 - 2024-06-22 02:54 - 000000000 D C:\Users\nikkimarie\AppData\Local\MongoDBCompass
2024-06-22 02:54 - 2024-06-22 02:54 - 000000000 ____D C:\Users\nikkimarie\AppData\Local\mongodb
2024-06-22 01:38 - 2024-06-22 01:38 - 137713160 (MongoDB Inc) C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\mongodb-compass-1.43.1-win32-x64.exe
2024-06-21 07:32 - 2024-06-21 07:32 - 000000000 D C:\Users\nikkimarie\AppData\Roaming\nextjs-nodejs
2024-06-20 08:42 - 2024-06-20 08:55 - 000000000 D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\AutoLogger
2024-06-20 08:41 - 2024-06-20 08:41 - 018327322 _ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\AutoLogger.zip
2024-06-20 07:38 - 2024-06-20 08:47 - 000000000 D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\HiJackThistest
2024-06-20 07:37 - 2024-06-20 07:37 - 004369651 C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\HiJackThistest.zip
2024-06-20 07:30 - 2024-06-20 07:30 - 000003460 ____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2024-06-20 07:29 - 2024-06-20 07:30 - 000000000 D C:\Program Files\Npcap
2024-06-20 07:29 - 2024-06-20 07:29 - 000000000 D C:\WINDOWS\SysWOW64\Npcap
2024-06-20 07:29 - 2024-06-20 07:29 - 000000000 D C:\WINDOWS\system32\Npcap
2024-06-20 07:29 - 2024-06-20 07:29 - 000000000 D C:\Program Files (x86)\Nmap
2024-06-20 06:44 - 2024-06-20 06:44 - 033969480 _ (Insecure.org) C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\nmap-7.95-setup.exe
2024-06-19 11:13 - 2024-06-19 11:13 - 000003670 _ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-06-19 02:11 - 2024-06-19 02:11 - 000000000 D C:\Users\nikkimarie\AppData\Local\com.vercel.cli
2024-06-18 11:36 - 2024-06-18 11:36 - 000000000 D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\New folder
2024-06-12 13:30 - 2024-06-12 13:30 - 000000000 _HD C:\$WinREAgent
2024-06-10 16:31 - 2024-06-10 16:31 - 000000000 __D C:\Users\nikkimarie\AppData\LocalLow\Yotta Games
2024-06-10 16:30 - 2024-06-10 16:31 - 000002006 _ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\The Grand Mafia.lnk
2024-06-10 16:30 - 2024-06-10 16:30 - 000000000 D C:\Users\nikkimarie\AppData\Roaming\YottaSDK
2024-06-08 02:21 - 2024-06-08 02:21 - 000000000 D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\Autoruns
2024-06-08 02:19 - 2024-06-08 02:19 - 002932380 C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\Autoruns.zip
2024-06-08 02:14 - 2024-06-08 02:14 - 000009490 C:\Users\nikkimarie\.bash_history
2024-06-08 02:01 - 2024-06-08 02:01 - 001149180 ____ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\Jan_Mar_2024_Longview_Police_Department_report.csv
2024-06-07 22:42 - 2024-06-18 17:14 - 000000000 D C:\Users\nikkimarie\AppData\Local\Firestorm_x64
2024-06-07 22:42 - 2024-06-10 16:30 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\Firestorm_x64
2024-06-07 22:41 - 2024-06-07 22:41 - 000000000 D C:\WINDOWS\GearUPBooster
2024-06-07 12:10 - 2024-06-07 12:10 - 000000000 D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Releasex64
2024-06-07 12:07 - 2024-06-07 22:42 - 000000000 D C:\Program Files\Firestorm-Releasex64
2024-06-07 12:04 - 2024-06-07 12:05 - 148711893 _ C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\Phoenix-Firestorm-Releasex64-6-6-17-70368_Setup.exe
2024-06-06 22:32 - 2024-06-06 22:32 - 000000000 _DL C:\Program Files\nodejs
2024-06-06 22:05 - 2024-06-06 22:39 - 000000000 __D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\modern
2024-05-31 18:44 - 2024-05-21 17:42 - 000512400 _ (Intel) C:\WINDOWS\system32\libvpl.dll
2024-05-31 18:44 - 2024-05-21 17:42 - 000453632 (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2024-05-31 18:44 - 2024-05-21 17:40 - 000942600 (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2024-05-31 18:44 - 2024-05-21 17:40 - 000705512 (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2024-05-31 18:44 - 2024-05-21 17:39 - 000591488 (Intel Corporation) C:\WINDOWS\system32\intel_gfxapi-x64.dll
2024-05-31 18:44 - 2024-05-21 17:39 - 000453016 ____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfxapi-x86.dll
2024-05-31 18:44 - 2024-05-21 17:36 - 000492608 ____ C:\WINDOWS\system32\ze_tracinglayer.dll
2024-05-31 18:44 - 2024-05-21 17:36 - 000398400 ____ C:\WINDOWS\system32\ze_loader.dll
2024-05-31 18:44 - 2024-05-21 17:36 - 000159288 ____ C:\WINDOWS\system32\ze_validationlayer.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 027963856 ____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64hw.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 020687936 ____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32hw.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 001969616 ____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-05-31 18:44 - 2024-05-21 17:35 - 001969616 C:\WINDOWS\system32\vulkaninfo.exe
2024-05-31 18:44 - 2024-05-21 17:35 - 001526224 C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-05-31 18:44 - 2024-05-21 17:35 - 001526224 C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-05-31 18:44 - 2024-05-21 17:35 - 001434064 C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 001434064 C:\WINDOWS\system32\vulkan-1.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 001147344 C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 001147344 C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 000515648 (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-05-31 18:44 - 2024-05-21 17:35 - 000378432 (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-05-31 17:21 - 2024-05-31 17:21 - 000000000 D C:\Users\nikkimarie\AppData\Local\ElevatedDiagnostics
2024-05-30 17:36 - 2024-05-30 18:03 - 000000000 D C:\Users\nikkimarie\AppData\Roaming\Microsoft\WordPad
2024-05-29 22:40 - 2024-05-30 16:43 - 000000009 C:\WINDOWS\system32\query
2024-05-24 05:23 - 2024-05-24 05:23 - 000000000 ____D C:\Program Files\MongoDB

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-23 09:39 - 2024-02-17 21:38 - 000000000 D C:\Users\nikkimarie\AppData\Local\D3DSCache
2024-06-23 09:36 - 2024-02-17 21:17 - 000000000 D C:\WINDOWS\system32\SleepStudy
2024-06-23 09:36 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\system32\WinBioDatabase
2024-06-23 09:36 - 2024-02-11 02:23 - 000000000 D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-23 05:58 - 2024-04-24 17:16 - 000000445 _ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2024-06-23 04:58 - 2024-02-11 02:23 - 000000000 __D C:\WINDOWS\SystemTemp
2024-06-22 23:45 - 2024-02-11 02:23 - 000000000 _HD C:\Program Files\WindowsApps
2024-06-22 23:45 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\AppReadiness
2024-06-22 20:59 - 2024-02-20 10:59 - 000000000 D C:\Users\nikkimarie\AppData\Roaming\Code
2024-06-22 20:48 - 2024-02-20 20:03 - 000000000 D C:\Users\nikkimarie\AppData\Local\PlariumPlay
2024-06-22 16:52 - 2022-12-09 12:33 - 000002438 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-22 02:54 - 2024-02-19 15:15 - 000000000 D C:\Users\nikkimarie\AppData\Local\SquirrelTemp
2024-06-22 02:54 - 2023-11-27 02:59 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MongoDB Inc
2024-06-21 17:32 - 2024-02-17 21:39 - 000003588 C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3710519103-3053279781-354438042-1003
2024-06-21 17:32 - 2024-02-17 21:38 - 000003388 C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3710519103-3053279781-354438042-1003
2024-06-21 17:32 - 2024-02-17 21:22 - 000002439 C:\Users\nikkimarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-20 20:29 - 2024-02-20 10:58 - 000002247 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-20 09:16 - 2024-02-20 20:11 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\PlariumPlay
2024-06-20 08:49 - 2024-02-17 21:30 - 000840974 C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-20 08:49 - 2024-02-11 02:22 - 000000000 D C:\WINDOWS\INF
2024-06-20 08:48 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\LiveKernelReports
2024-06-20 08:45 - 2023-03-08 13:02 - 000000000 SHD C:\Users\nikkimarie\IntelGraphicsProfiles
2024-06-20 08:44 - 2024-04-24 17:11 - 000001591 _ C:\WINDOWS\system32\config\VSMIDK
2024-06-20 08:44 - 2024-02-17 21:26 - 000000006 __H C:\WINDOWS\Tasks\SA.DAT
2024-06-20 08:44 - 2024-02-11 02:23 - 000000000 ___D C:\WINDOWS\ServiceState
2024-06-20 08:44 - 2024-02-11 02:18 - 000524288 C:\WINDOWS\system32\config\BBI
2024-06-20 08:44 - 2022-12-09 12:33 - 000008192 _SH C:\DumpStack.log.tmp
2024-06-20 08:44 - 2022-12-09 09:44 - 000000000 _D C:\Intel
2024-06-19 16:27 - 2024-02-20 21:52 - 000003834 C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2024-06-19 11:13 - 2024-02-20 21:27 - 000003762 C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-06-19 11:13 - 2024-02-20 21:27 - 000003528 C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-06-19 10:05 - 2023-03-08 15:42 - 000000000 __D C:\Users\nikkimarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2024-06-18 16:00 - 2023-03-08 13:10 - 000000000 _RD C:\Users\nikkimarie\OneDrive
2024-06-18 11:56 - 2024-02-20 20:18 - 000000000 __D C:\Program Files\Electronic Arts
2024-06-18 11:56 - 2024-02-20 19:59 - 000000000 D C:\ProgramData\Package Cache
2024-06-18 11:30 - 2024-02-20 20:50 - 000000000 D C:\Users\nikkimarie\AppData\Local\CrashDumps
2024-06-18 11:30 - 2024-02-11 02:23 - 000000000 _HD C:\WINDOWS\ELAMBKUP
2024-06-18 11:01 - 2024-05-02 02:16 - 000001426 _ C:\WINDOWS\system32\default_errorstack-000000-000000.txt
2024-06-16 18:40 - 2024-02-17 21:36 - 000000000 D C:\Users\nikkimarie\AppData\Local\Packages
2024-06-13 05:26 - 2024-02-17 21:22 - 000000000 D C:\Users\nikkimarie
2024-06-12 14:49 - 2024-02-17 21:17 - 000259720 C:\WINDOWS\system32\FNTCACHE.DAT
2024-06-12 14:48 - 2024-04-24 17:10 - 000000000 D C:\Program Files\Hyper-V
2024-06-12 14:48 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\SystemResources
2024-06-12 14:48 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\PolicyDefinitions
2024-06-12 14:48 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\bcastdvr
2024-06-12 14:17 - 2024-02-11 02:19 - 000000000 D C:\WINDOWS\CbsTemp
2024-06-12 14:12 - 2024-02-17 21:20 - 003017216 (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-06-12 13:44 - 2024-02-19 15:35 - 000000000 D C:\WINDOWS\system32\MRT
2024-06-12 13:35 - 2024-02-19 15:35 - 199048176 C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-06-08 04:07 - 2024-03-22 07:23 - 000000000 D C:\ProgramData\VirtualBox
2024-06-08 04:06 - 2023-12-15 23:10 - 000000000 D C:\Users\nikkimarie\.VirtualBox
2024-06-07 11:45 - 2024-05-23 21:27 - 000000000 D C:\Users\nikkimarie\AppData\Local\SecondLife
2024-06-07 06:40 - 2024-02-17 21:26 - 000003536 C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-07 06:40 - 2024-02-17 21:26 - 000003442 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1da6221909045b1
2024-06-06 22:30 - 2024-02-20 11:03 - 000000000 D C:\Users\nikkimarie\AppData\Roaming\nvm
2024-06-06 22:30 - 2023-07-08 22:05 - 000000000 D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVM for Windows
2024-06-06 00:01 - 2024-02-17 22:01 - 000000000 D C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop\portfolio
2024-06-05 23:52 - 2024-02-17 21:26 - 000000000 D C:\WINDOWS\system32\Drivers\wd
2024-06-04 10:59 - 2023-10-12 18:57 - 000000000 ____H C:\$WINRE_BACKUPPARTITION.MARKER
2024-06-04 10:58 - 2023-12-10 00:45 - 000233455 C:\Users\nikkimarie\yarn.lock
2024-06-04 10:58 - 2023-03-27 08:31 - 000000000 D C:\Users\nikkimarie\node_modules
2024-06-04 10:56 - 2023-09-30 09:44 - 000000121 C:\Users\nikkimarie\.yarnrc
2024-06-01 17:45 - 2024-02-24 16:36 - 000000000 D C:\Users\nikkimarie\AppData\Local\Yarn
2024-05-31 18:51 - 2024-02-17 21:36 - 000000000 D C:\Program Files\Intel
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 _RD C:\WINDOWS\ImmersiveControlPanel
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 __D C:\WINDOWS\SysWOW64\setup
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\SysWOW64\Dism
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\system32\setup
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\system32\oobe
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\system32\Dism
2024-05-30 18:01 - 2024-02-11 02:23 - 000000000 D C:\WINDOWS\ShellExperiences
2024-05-30 17:13 - 2024-02-20 20:10 - 000000000 D C:\Program Files\dotnet
2024-05-30 17:06 - 2024-05-01 21:41 - 000000000 D C:\Program Files\Mozilla Firefox
2024-05-28 20:09 - 2024-02-19 14:53 - 000000000 D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-05-24 00:33 - 2024-05-23 21:27 - 000000000 ____D C:\Users\nikkimarie\AppData\Roaming\SecondLife

==================== Files in the root of some directories ========

2023-10-06 19:55 - 2023-10-06 19:55 - 000000000 () C:\Users\nikkimarie\.mongorc.js
2024-02-20 20:02 - 2024-02-20 20:11 - 000029272 () C:\Users\nikkimarie\AppData\Local\PlariumPlay.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.06.2024
Ran by nikkimarie (23-06-2024 09:41:27)
Running from C:\Users\nikkimarie\OneDrive\Desktop\Documents\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4529 (X64) (2024-02-18 04:36:28)
Boot Mode: Normal

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3710519103-3053279781-354438042-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3710519103-3053279781-354438042-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-3710519103-3053279781-354438042-1014 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-3710519103-3053279781-354438042-501 - Limited - Disabled)
nikkimarie (S-1-5-21-3710519103-3053279781-354438042-1003 - Administrator - Enabled) => C:\Users\nikkimarie
WDAGUtilityAccount (S-1-5-21-3710519103-3053279781-354438042-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Dell SupportAssist (HKLM\...\{A1FC489C-7909-4E08-9685-6C77BA2053DE}) (Version: 4.0.3.61632 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{39BF0E71-7A16-4A80-BBCE-FBDD2D1CC2D5}) (Version: 5.5.9.18923 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{f6a4df94-48f2-459a-8d40-16b1fbed13c5}) (Version: 5.5.9.18923 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{398E49A0-84CA-43B5-A926-42EF68619E91}) (Version: 5.5.10.19019 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3563aa3a-c8ae-48d8-ab19-b1f359265295}) (Version: 5.5.10.19019 - Dell Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Firestorm-Releasex64 (HKLM\...\Firestorm-Releasex64) (Version: 6.6.17.70368 - The Phoenix Firestorm Project, Inc.)
Git (HKLM\...\Git_is1) (Version: 2.43.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.63 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{0C162007-F1C8-47A0-BD5D-E5FC54689B16}) (Version: 24.2.19.5 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{2D924248-D4EE-45BA-BDDB-1FA8828CF5CA}) (Version: 2.4.10852 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B52CA235-45C5-46FE-A183-B7D2FD4966AA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{B7F27296-F1AE-46BB-8BD7-5E0EED0EA1AC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{77847290-e441-4f65-8fe1-634e73b7632b}) (Version: 24.2.19.5 - Intel)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{A6961DC0-8F0E-4593-B336-FD3E7F27999C}) (Version: 16.8.4.1011 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 6.0.31 (x64) (HKLM\...\{59ED1DC1-E3E4-4BC0-B43F-143CCC38FF17}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.20 (x64) (HKLM\...\{EE5EB03B-D65C-4991-848E-2C6E024326DB}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.31 (x64) (HKLM\...\{9992D04E-553E-4BC2-B0EC-4A394DD19986}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.20 (x64) (HKLM\...\{B0FC828F-678C-4868-9B5B-99639758E6F3}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.7 (x64) (HKLM\...\{62A9DE14-DB7A-41D9-9D7E-ED494E6FCBAF}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.31 (x64) (HKLM\...\{0950F07D-F1C4-47A5-AC88-C5FAA5DC564D}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.20 (x64) (HKLM\...\{221BB52A-B763-4C9D-AA62-4B0B6C9AAD62}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.7 (x64) (HKLM\...\{ECCA3DB0-6DEF-42CD-A21A-F2F7B918FB59}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.20 - Shared Framework (x64) (HKLM-x32\...\{6c2f4b5b-86d2-4aff-bf79-d1e73cc20ab3}) (Version: 7.0.20.24269 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.20 Shared Framework (x64) (HKLM\...\{BD401329-F877-391C-9E5A-FEB423C5A196}) (Version: 7.0.20.24269 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.7 - Shared Framework (x64) (HKLM-x32\...\{4a749a1a-b799-41b4-a328-33a7b2355e76}) (Version: 7.0.7.23274 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.7 Shared Framework (x64) (HKLM\...\{5ECA54B7-62F2-39EE-9514-31F7DFFFC968}) (Version: 7.0.7.23274 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\OneDriveSetup.exe) (Version: 24.111.0602.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.90.2 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM\...\{EFE53353-800E-4987-B965-1C968D0F23A4}) (Version: 48.124.15242 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM-x32\...\{1a7abdc5-639b-4af0-87c6-dbc511750c6e}) (Version: 6.0.31.33720 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM\...\{72C29BED-666F-4E5E-BC49-DF44C890742E}) (Version: 56.80.15245 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM-x32\...\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}) (Version: 7.0.20.33720 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM\...\{593F16DC-C2D3-4740-ABD4-A171B4E32B06}) (Version: 56.31.61651 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM-x32\...\{e875fc20-9a37-4344-b046-0bb037cb2d57}) (Version: 7.0.7.32525 - Microsoft Corporation)
MongoDB 7.0.11 2008R2Plus SSL (64 bit) (HKLM\...\{6F87AA02-6D33-428D-B845-4250C13C17F8}) (Version: 7.0.11 - MongoDB Inc.)
MongoDB Compass (HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\MongoDBCompass) (Version: 1.43.1 - MongoDB Inc)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 125.0.3 (x64 en-US)) (Version: 125.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0.1 - Mozilla)
Nmap 7.95 (HKLM-x32\...\Nmap) (Version: 7.95 - Nmap Project)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.79 - Nmap Project)
NVM for Windows 1.1.12 (HKLM\...\40078385-F676-4C61-9A9C-F9028599D6D3_is1) (Version: 1.1.12 - Ecor Ventures LLC)
Oracle VM VirtualBox 7.0.14 (HKLM\...\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}) (Version: 7.0.14 - Oracle and/or its affiliates)
Plarium Play (HKLM-x32\...\{1b16bdf4-f85f-4248-ae9c-6105e7beca99}) (Version: 9.4.0 - Plarium)
PlariumPlay (HKLM-x32\...\{B8E0E173-DE7E-46CD-8AC2-73F746632F0B}) (Version: 9.4.0 - Plarium) Hidden
Postman x86_64 11.1.0 (HKU\S-1-5-21-3710519103-3053279781-354438042-1003\...\Postman) (Version: 11.1.0 - Postman)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
SecondLifeViewer (HKLM\...\SecondLifeViewer) (Version: 7.1.7.8974243247 - Linden Research, Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)

Packages:

Dark Skies by Tracy Hymas -> C:\Program Files\WindowsApps\Microsoft.DarkSkiesbyTracyHymas_1.0.0.0_neutral__8wekyb3d8bbwe [2024-04-14] (Microsoft Corporation)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.0.16.0_x64__htrsf667h5kn2 [2024-05-18] (Dell Inc)
DuckDuckGo -> C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.79.0.0_x64__ya2fgkz3nks94 [2024-05-30] (DuckDuckGo) [Startup Task]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-17] (INTEL CORP) [Startup Task]
Killer Control Center -> C:\Program Files\WindowsApps\rivetnetworks.killercontrolcenter_2.4.3337.0_x64__rh07ty8m5nkag [2024-02-17] (Rivet Networks LLC) [Startup Task]
Light and Dark by Nick Boyer -> C:\Program Files\WindowsApps\Microsoft.LightandDarkbyNickBoyer_1.0.0.0_neutral__8wekyb3d8bbwe [2024-04-15] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5001.0_x64__8wekyb3d8bbwe [2024-06-19] (Microsoft Corporation) [Startup Task]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2024-05-22] (Microsoft Corporation)
Snapchat -> C:\Program Files\WindowsApps\SnapInc.Snapchat_3.0.1.0_neutral__k1zn018256b8e [2024-03-09] (Snap Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0 [2024-06-06] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{13c604e2-fa89-b4a6-fbd6-ce16e55707cf}\localserver32 -> "C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.1.0-0.0.0\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{31c9b23f-3e74-1158-2eca-1bd8ec9b6d58}\localserver32 -> "C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.0.0-0.0.0\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{92c6b55b-a953-5b20-f141-f9182e580bf2}\localserver32 -> C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.3.0-0.0.0\dotnet\info\PlariumPlayInfo.exe (Plarium Global LTD -> PlariumPlayInfo)
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{a961359d-f7dd-9651-5e16-518df5808d8e}\localserver32 -> "C:\Users\nikkimarie\AppData\Local\PlariumPlay\9.2.0-0.0.0\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-3710519103-3053279781-354438042-1003_Classes\CLSID\{e0336e82-8f2e-69e8-a334-fcb224165932}\localserver32 -> C:\User

Sandor-Helper commented 5 months ago

Please attach these logs to your next message (like you already did in your first post here) rather than inserting them.

nikkimarie31 commented 5 months ago

Addition.txt FRST.txt

Also, I just had something pop up. I didn't download anything, so it seems odd to me. When it popped up I also went and checked to see if my computer is up to date, and it is, but the notification says "Restart required: your PC needs to be restarted to finish setting up this device: Killer Wireless-n/a/ac 1435 Wireless Network Adapter." And like I said, I haven't updated or downloaded anything at all today. I just turned on my computer an hour ago and this is popping up.

Sandor-Helper commented 5 months ago

Please show me a screenshot (or snapshot) of such a pop-up window.

nikkimarie31 commented 5 months ago

Screenshot 2024-06-25 004232

dragokas commented 5 months ago

Please clarify: do you mean the system notification with the "Restart required" message? That's normal behaviour. However, if you constantly see exactly the same message, e.g. about Wi-Fi adapter installation, and it keeps appearing even though you have already rebooted the PC, that means some issue with drivers or the device, not malware related.

To reduce the distraction of such system messages, you can follow this instruction: https://www.howtogeek.com/349829/how-to-use-focus-assist-do-not-disturb-mode-on-windows-10/ to set the "Focus Assist" setting to "Alarms Only". This way, most system messages will remain silent.

nikkimarie31 commented 5 months ago

Screenshot 2024-06-29 014701

I also just got this. Every time I try to download something into Program Files it says I'm not the admin, when this is my computer and it shows I'm the admin. Speaking of the notification, I've never seen one like that before on any of my computers; that's why it concerned me. The virus concern is due to random ads popping up when I'm not even clicking on anything or have anything opened.

dragokas commented 5 months ago

It is correct behaviour due to the specifics of the Windows 10 security design. Normally, you are not allowed to save files into the "Program Files" directory even if your user account is assigned to the Administrators group. It is a part of the protection related to UAC. Why are you trying to save files there? By default, the "Downloads" folder (which is C:\Users\nikkimarie\OneDrive\Downloads) is intended to temporarily store files downloaded from the internet.

If you have random ad pop-ups, please attach a screenshot of such a window. We don't see any signs of it so far. I hope you figured out how to set up "Focus Assist", mentioned before; that was a system notification, not ads.

dragokas commented 4 months ago

Closed. Reason: it seems help is no longer required. 2 weeks left. If you still need our help, please execute the last steps requested by a helper.

nikkimarie31 commented 4 months ago

Every time I try to log in to GitHub it instantly shuts down Chrome. I haven't been able to do much on my computer and I'm not sure why, so I haven't been able to respond, but I remembered that I could write you back in Gmail when I got your email.

On Thu, Jul 11, 2024 at 12:22 PM Alex Dragokas @.***> wrote:

Closed #252 https://github.com/dragokas/hijackthis/issues/252 as completed.

dragokas commented 4 months ago

Please prepare a new CollectionLog according to the initial rules.

nikkimarie31 commented 4 months ago

Okay I will

On Sat, Jul 13, 2024, 11:56 AM Alex Dragokas @.***> wrote:

Please prepare a new CollectionLog according to the initial rules: https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F .

dragokas commented 3 months ago

Closed. Reason: no answer for 10 days. If you still need our help, please execute the last steps requested by a helper. Also, download AutoLogger again, prepare a new CollectionLog, and write what problems remain.