high memory usage, suspect i have malware

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022 (ATTENTION: ====> FRST version is 35 days old and could be outdated)
Ran by satch (administrator) on DESKTOP-Q1JOHSV (Micro-Star International Co., Ltd. MS-7B98) (04-10-2022 23:12:34)
Running from C:UserssatchDownloads
Loaded Profiles: satch
Platform: Microsoft Windows 10 Home Version 21H1 19043.2006 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:Program Files (x86)Steamsteam.exe ->) (Valve Corp. -> Valve Corporation) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe <7>
(C:Program Files (x86)TotalAVSecurityService.exe ->) (Protected Antivirus Limited -> TotalAV) C:Program Files (x86)TotalAVTotalAV.exe
(C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe
(C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2203.5-0MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2203.5-0MpCmdRun.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <15>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe <5>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OneDriveOneDrive.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:Program Files (x86)Steamsteam.exe
(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.152GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.152GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32Taskmgr.exe
(Nvidia Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:Program Files (x86)OriginOriginWebHelperService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydal.inf_amd64_b5484efd38adbe8djhi_service.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2203.5-0MsMpEng.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispig.inf_amd64_70cfb45e19c20af4Display.NvContainerNVDisplay.Container.exe <2>
(services.exe ->) (Protected Antivirus Limited -> TotalAV) C:Program Files (x86)TotalAVSecurityService.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:WindowsRtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_3dd75df32535321aRtkAudUService64.exe <2>
(services.exe ->) (Valve Corp. -> Valve Corporation) C:Program Files (x86)Common FilesSteamSteamService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OneDrive22.191.0911.0001FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.YourPhone_1.22072.207.0_x64__8wekyb3d8bbwePhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Run: [RtkAudUService] => C:WINDOWSSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_3dd75df32535321aRtkAudUService64.exe [1361000 2021-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32…Run: [amd_dc_opt] => C:Program Files (x86)AMDDual-Core Optimizeramd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32…Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
HKLMSOFTWAREMicrosoftWindows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLMSOFTWAREMicrosoftWindows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKUS-1-5-21-3795020384-2431542903-1114512080-1003…Run: [OneDrive] => C:Program FilesMicrosoft OneDriveOneDrive.exe [2630024 2022-10-03] (Microsoft Corporation -> Microsoft Corporation)
HKUS-1-5-21-3795020384-2431542903-1114512080-1003…Run: [Steam] => C:Program Files (x86)Steamsteam.exe [4235112 2022-09-27] (Valve Corp. -> Valve Corporation)
HKUS-1-5-21-3795020384-2431542903-1114512080-1003…Run: [EpicGamesLauncher] => C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe [32688080 2022-09-28] (Epic Games Inc. -> Epic Games, Inc.)
HKUS-1-5-21-3795020384-2431542903-1114512080-1003…Run: [utweb] => “C:UserssatchAppDataRoaminguTorrent Webutweb.exe” /MINIMIZED (No File)
HKUS-1-5-21-3795020384-2431542903-1114512080-1003…Run: [MicrosoftEdgeAutoLaunch_CC9D8EB2FBC785840A3D6875881197CD] => “C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe” –no-startup-window –win-session-start /prefetch:5 [3795376 2022-09-25] (Microsoft Corporation -> Microsoft Corporation)
HKLMSoftwareMicrosoftActive SetupInstalled Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C:Program Files (x86)GoogleChromeApplication106.0.5249.91Installerchrmstp.exe [2022-09-30] (Google LLC -> Google LLC)
Startup: C:UserssatchAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMEGAsync.lnk [2019-07-21]
ShortcutTarget: MEGAsync.lnk -> C:UserssatchAppDataLocalMEGAsyncMEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: 03BC766E-FF4F-4F0D-B5AA-70F448A320FF – System32TasksAvastUpdateTaskMachineUA => C:Program Files (x86)AVAST SoftwareBrowserUpdateAvastBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: 0BBCBDB2-4EC0-4A4E-BC06-2F69516ED05D – System32TasksOneDrive Reporting Task-S-1-5-21-3795020384-2431542903-1114512080-1003 => C:Program FilesMicrosoft OneDriveOneDriveStandaloneUpdater.exe [4165520 2022-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: 1F398CB2-E47C-4BCF-A928-3A75AF6191AE – System32TasksAvast Secure Browser Heartbeat Task (Logon) => C:Program Files (x86)AVAST SoftwareBrowserApplicationAvastBrowser.exe –type=heartbeat –logon (No File)
Task: 429D6965-94B3-4773-8B25-9E751F9FDCDF – System32TasksGoogleUpdateTaskMachineCore1d57d48e0e1996 => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154920 2019-07-05] (Google Inc -> Google LLC)
Task: 453049D4-92BF-464E-9A53-604EF7C327D8 – System32TasksAdobe Flash Player Updater => C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
Task: 45BF6774-BD06-45C8-98AB-B7783CF65336 – System32TasksNvTmRep_CrashReport1_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: 4DF561F2-C353-4EB6-B967-689FA0F5942C – System32TasksNvTmRep_CrashReport4_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: 57C406CA-F622-47E2-8E4A-AF6B10D2AD95 – System32TasksNvDriverUpdateCheckDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log
Task: 86F281AD-8751-4B46-ACC7-B45E97C13508 – System32TasksNvProfileUpdaterOnLogon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [908328 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: 8792C639-94C0-4C4D-BC9D-14B9BF9E10D6 – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154920 2019-07-05] (Google Inc -> Google LLC)
Task: 99B33E36-4322-4E02-8FC6-1588A2806B1A – System32TasksOneDrive Per-Machine Standalone Update Task => C:Program FilesMicrosoft OneDriveOneDriveStandaloneUpdater.exe [4165520 2022-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: C5465FD6-0785-479A-9925-B54C7FD44F30 – System32TasksAvast Secure Browser Heartbeat Task (Hourly) => C:Program Files (x86)AVAST SoftwareBrowserApplicationAvastBrowser.exe –type=heartbeat –hourly (No File)
Task: D2502FE5-D3D1-4CB8-B6AE-78AAA488AC3B – System32TasksNVIDIA GeForce Experience SelfUpdate_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3342376 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: D2A5CE68-6AF4-40A7-BAA1-CB507D41D648 – System32TasksNvTmRep_CrashReport2_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: DD35A470-D9B6-485E-9568-49C2CB9BA2E8 – System32TasksNvTmRep_CrashReport3_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: E6FB9684-EB51-4D1E-8CDE-1D7AE7E37FD8 – System32TasksIntel PTT EK Recertification => C:WINDOWSSystem32DriverStoreFileRepositoryiclsclient.inf_amd64_76523213b78d9046libIntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: E94BF4D7-B29C-4DAA-B4C7-ACE62A28CFA1 – System32TasksNvNodeLauncher_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [649256 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: E94E0A61-AF0A-4944-921C-643F7A819A3B – System32TasksAdobe Flash Player PPAPI Notifier => C:WINDOWSSysWOW64MacromedFlashFlashUtil32_32_0_0_387_pepper.exe [1454648 2020-06-09] (Adobe Inc. -> Adobe)
Task: EBFAE3F5-44E7-49F6-A8E0-6A99F6B91C41 – System32TasksMEGAMEGAsync Update Task S-1-5-21-3795020384-2431542903-1114512080-1003 => C:UserssatchAppDataLocalMEGAsyncMEGAupdater.exe [1776816 2022-07-25] (Mega Limited -> )
Task: EFD9E021-6178-4E60-991A-017D1AA11581 – System32TasksAvastUpdateTaskMachineCore => C:Program Files (x86)AVAST SoftwareBrowserUpdateAvastBrowserUpdate.exe /c (No File)
Task: F24249F4-E475-4C30-B841-3462B928358A – System32TasksNvProfileUpdaterDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [908328 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: F527426C-9F2B-43D5-80F2-EE98572EBA05 – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154920 2019-07-05] (Google Inc -> Google LLC)
Task: F6199833-EE37-4676-879D-FDD52AF35F45 – System32TasksGoogleUpdateTaskMachineUA1d57d48e0f7839 => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154920 2019-07-05] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:WINDOWSTasksIntel PTT EK Recertification.job => C:WINDOWSSystem32DriverStoreFileRepositoryiclsclient.inf_amd64_76523213b78d9046libIntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

TcpipParameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip..Interfaces40366314-3e71-403a-b06c-66834be56760: [DhcpNameServer] 10.0.1.1 10.0.1.3
Tcpip..Interfacesb0f5eb1c-46cb-427d-a445-cd5b51dfb206: [DhcpNameServer] 209.18.47.62 209.18.47.61

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:UserssatchAppDataLocalMicrosoftEdgeUser DataDefault [2022-10-04]
Edge Notifications: Default -> hxxps://maximus-time.com

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.341.2 -> C:Program Files (x86)Javajre1.8.0_341bindtpluginnpDeployJava1.dll [2022-07-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.341.2 -> C:Program Files (x86)Javajre1.8.0_341binplugin2npjp2.dll [2022-07-22] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:UserssatchAppDataLocalGoogleChromeUser DataDefault [2022-10-04]
CHR Notifications: Default -> hxxps://advnottech.com; hxxps://captchatopsource.com; hxxps://centralheat.net; hxxps://computeradsglobal.com; hxxps://mediaforyour.com; hxxps://nice-day.co.uk; hxxps://pcgamestorrents.com; hxxps://play.pokemonshowdown.com; hxxps://pushnotstudio.com; hxxps://time4news.net; hxxps://www.g2a.com; hxxps://www.paramountplus.com; hxxps://www.wish.com; hxxps://www81.eloypatrick.pro
CHR Extension: (Avast SafePrice
