
Keep getting a Blocked website popup notification



Hello,

I keep getting the following notification from time to time.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/28/21
Protection Event Time: 11:14 AM
Log File: 69326030-bfc7-11eb-858b-5cf370a28289.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1308
Update Package Version: 1.0.41036
License: Premium

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, System, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malware
Domain:
IP Address: 212.102.52.87
Port: 0
(No malicious items detected)
Type: Outbound
File: System


Is there anything I need to do with regard to this?

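As an added example for reading notifications like the one above (this is not Malwarebytes code and not part of the original post), the script below parses the "-Section-" / "Key: Value" layout of the quoted notification and turns the fields into triage notes. The interpretation rules in `assess()` (what port 0, an empty Domain and "File: System" imply) are this example's own reading of the fields, not documented Malwarebytes semantics; the sample input is the notification text as posted.

```python
"""Parse a Malwarebytes "Blocked Website" notification and state what it does
and does not tell you.

Added example for this thread; it is not Malwarebytes code. The "-Section-"
headers and "Key: Value" layout are those of the notification quoted above.
The interpretation rules in assess() are this example's own reading of the
fields (assumption), not documented Malwarebytes semantics.
"""
import ipaddress
from typing import Dict, List

# Sample input: the notification text as posted in this thread.
NOTIFICATION = """\
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/28/21
Protection Event Time: 11:14 AM
Log File: 69326030-bfc7-11eb-858b-5cf370a28289.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1308
Update Package Version: 1.0.41036
License: Premium

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, System, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malware
Domain:
IP Address: 212.102.52.87
Port: 0
(No malicious items detected)
Type: Outbound
File: System
"""


def parse_notification(text: str) -> Dict[str, Dict[str, str]]:
    """Split the notification into {section: {key: value}}.

    Lines without a "Key: Value" shape (the product banner, the raw
    comma-separated detail row, the "(No malicious items detected)" note)
    add nothing the fields do not already say and are skipped.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if len(line) > 2 and line.startswith("-") and line.endswith("-"):
            current = line.strip("-").strip()
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition(":")
        if not sep or not key.strip() or key.startswith((",", "(")):
            continue
        sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections


def assess(sections: Dict[str, Dict[str, str]]) -> List[str]:
    """Turn the parsed fields into triage notes (this example's own rules)."""
    web = sections.get("Website Data", {})
    notes: List[str] = []

    ip_text = web.get("IP Address", "")
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        ip = None
    if ip is None:
        notes.append("no usable IP address in the notification")
    elif not ip.is_global:
        notes.append(f"{ip} is a private/reserved address: the block hit the local "
                     "network or VPN side, so check DNS, proxy and VPN settings first")
    else:
        notes.append(f"{ip} is a public Internet address that Malwarebytes lists "
                     f"under category '{web.get('Category', '?')}'")

    if not web.get("Domain"):
        notes.append("no hostname recorded: the connection went straight to the IP, "
                     "so reputation checks belong on the IP, not on a domain")

    if web.get("Port", "") in ("", "0"):
        notes.append("port 0 is not a real TCP/UDP port, so the notification does "
                     "not say which service on the remote host was contacted")

    if web.get("Type") == "Outbound" and web.get("File", "").lower() == "system":
        notes.append("the originating 'file' is System, i.e. not an interactive "
                     "program: attribution needs the services, drivers and "
                     "scheduled tasks on the box, which is what an FRST scan lists")
    return notes


if __name__ == "__main__":
    for note in assess(parse_notification(NOTIFICATION)):
        print("-", note)
```

On the quoted notification this yields four notes: the address is public, no hostname was recorded, the port is unknown, and the connection was attributed to System rather than to a user program, which is exactly why the follow-up in this thread asks for a startup/services/drivers inventory rather than a browser check.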

Hello, @packers37, and welcome!

I think Malwarebytes has done its job and is blocking a malicious site. I suggest we do an additional check to make sure everything is OK.


Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

Note: FRST must be run from an account with Administrator status. If English is not your primary language, right-click FRST/FRST64 and rename it FRSTEnglish/FRST64English.

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button

[screenshot: _frst_scan.jpg]


  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.


Thanks 🙂

Edited by icotonev

Hello,

Thank you for your assistance. Please see the FRST note below:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2021
Ran by diamander (administrator) on DESKTOP-D68JEBC (Gigabyte Technology Co., Ltd. Z370 HD3P) (28-05-2021 11:54:06)
Running from C:\Users\diamander\Downloads
Loaded Profiles: diamander
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <4>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Private Internet Access, Inc. -> ) C:\Program Files\Private Internet Access\pia-service.exe
(Private Internet Access, Inc. -> Private Internet Access Incorporated) C:\Program Files\Private Internet Access\pia-client.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5237432 2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-276071129-478347614-4100385335-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-05-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-276071129-478347614-4100385335-1001\...\Run: [Private Internet Access] => C:\Program Files\Private Internet Access\pia-client.exe [4724104 2021-05-03] (Private Internet Access, Inc. -> Private Internet Access Incorporated)
HKU\S-1-5-21-276071129-478347614-4100385335-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-05-28] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-276071129-478347614-4100385335-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5536440 2021-04-27] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65496 2020-12-07] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-05-26] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{AC76BA86-0000-0000-7760-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll [2021-04-20] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-06-30]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C1803DB-3527-491F-9B52-C2415660E4AC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1D21C9FE-9AC1-4168-BD8C-3E4AADF939F0} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28FEA6F7-8C70-4566-905E-A3CB5680BFFD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2A7E20B3-354E-40C0-885E-73541ACC41C7} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {57DD9CC1-4486-4560-A5CB-CC63020942B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-05] (Google LLC -> Google LLC)
Task: {5B374E1C-F395-4AA3-87FC-7C29218234EB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {821D44CC-6D5D-42EB-94FF-23091AFD2012} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {861A7EF1-5D46-467D-B410-F1A1360F0410} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8CBB0272-957C-4709-B53C-EBDF7DDD17E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-05] (Google LLC -> Google LLC)
Task: {9DF15EBE-8BCD-4A3A-B6D6-2901508FC730} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {AD3F798F-1200-4BA0-ABC9-73E3AF254BC3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B4E3E7A2-EA69-4665-902C-14A98687E050} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BFB1373E-5052-4869-9D58-3A4377A215B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {D0820A43-2B40-4F18-B918-888674232E17} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F2634453-A9A0-43FF-87C5-E21F0C7245F0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{27338758-fe2a-485f-a04c-02de3d32daeb}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\diamander\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-19]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: sjlr4ncp.default
FF ProfilePath: C:\Users\diamander\AppData\Roaming\Mozilla\Firefox\Profiles\sjlr4ncp.default [2021-05-28]
FF Extension: (Honey) - C:\Users\diamander\AppData\Roaming\Mozilla\Firefox\Profiles\sjlr4ncp.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2020-10-28]
FF Extension: (Privacy Badger) - C:\Users\diamander\AppData\Roaming\Mozilla\Firefox\Profiles\sjlr4ncp.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-02-02]
FF Extension: (uBlock Origin) - C:\Users\diamander\AppData\Roaming\Mozilla\Firefox\Profiles\sjlr4ncp.default\Extensions\uBlock0@raymondhill.net.xpi [2021-05-04]
FF Extension: (animated sakura by candelora) - C:\Users\diamander\AppData\Roaming\Mozilla\Firefox\Profiles\sjlr4ncp.default\Extensions\{03b45ad7-22b7-4597-a02e-b2b30f156f82}.xpi [2019-06-09]
FF Extension: (Quantum) - C:\Users\diamander\AppData\Roaming\Mozilla\Firefox\Profiles\sjlr4ncp.default\Extensions\{25c704b7-1833-4562-862d-3e5ac2bdaa2f}.xpi [2019-06-09]
FF Extension: (First Mountain Snow by M♥Donna) - C:\Users\diamander\AppData\Roaming\Mozilla\Firefox\Profiles\sjlr4ncp.default\Extensions\{58ed0b89-8436-4436-be1c-0f56273f1adf}.xpi [2020-02-07]
FF Extension: (little flowers) - C:\Users\diamander\AppData\Roaming\Mozilla\Firefox\Profiles\sjlr4ncp.default\Extensions\{98bd9022-1a97-4c7f-85aa-4fb06e9c5d8c}.xpi [2019-06-09]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-12-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default [2021-03-07]
CHR Extension: (Slides) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-05]
CHR Extension: (Docs) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-05]
CHR Extension: (Google Drive) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-05]
CHR Extension: (YouTube) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-05]
CHR Extension: (Adobe Acrobat) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-05]
CHR Extension: (Sheets) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-05]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-03-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-05]
CHR Extension: (Gmail) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-05]
CHR Extension: (Chrome Media Router) - C:\Users\diamander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-04-02] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10731424 2021-05-28] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-25] (Malwarebytes Inc -> Malwarebytes)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [2223016 2021-05-03] (Private Internet Access, Inc. -> )
S3 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4447520 2021-05-03] (Private Internet Access, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-27] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-03-28] (Malwarebytes Inc -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [26192 2018-06-27] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [22864 2021-05-28] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [37200 2021-03-17] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [25928 2021-03-17] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66896 2021-03-17] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-28] (Malwarebytes Inc -> Malwarebytes)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2018-04-23] (SteelSeries ApS -> )
R3 tap-pia-0901; C:\WINDOWS\System32\drivers\tap-pia-0901.sys [39944 2020-01-27] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2020-07-18] (WireGuard LLC -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-28 11:54 - 2021-05-28 11:54 - 000020376 _____ C:\Users\diamander\Downloads\FRST.txt
2021-05-28 11:53 - 2021-05-28 11:54 - 000000000 ____D C:\FRST
2021-05-28 11:53 - 2021-05-28 11:53 - 002299904 _____ (Farbar) C:\Users\diamander\Downloads\FRST64.exe
2021-05-28 09:53 - 2021-05-28 09:53 - 000170254 _____ C:\Users\diamander\Downloads\fax-10498647.pdf
2021-05-28 09:52 - 2021-05-28 09:52 - 000316786 _____ C:\Users\diamander\Downloads\fax-10482666.pdf
2021-05-28 09:51 - 2021-05-28 09:51 - 000179025 _____ C:\Users\diamander\Downloads\fax-10444077.pdf
2021-05-28 09:51 - 2021-05-28 09:51 - 000179012 _____ C:\Users\diamander\Downloads\fax-10444176.pdf
2021-05-28 08:57 - 2021-05-28 08:57 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-28 08:57 - 2021-05-28 08:57 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-28 08:57 - 2021-05-28 08:57 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-28 08:57 - 2021-05-28 08:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-05-27 16:02 - 2021-05-27 16:02 - 000140360 _____ C:\Users\diamander\Downloads\Ham Filed Complaint.pdf
2021-05-27 16:01 - 2021-05-27 16:01 - 000140360 _____ C:\Users\diamander\Downloads\CivilCaseJacket.pdf
2021-05-27 16:01 - 2021-05-27 16:01 - 000035022 _____ C:\Users\diamander\Downloads\document.pdf
2021-05-27 15:31 - 2021-05-27 15:40 - 000129811 _____ C:\Users\diamander\Downloads\Ham, Bong S. Compaint.docx.pdf
2021-05-27 15:01 - 2021-05-27 15:01 - 000100286 _____ C:\Users\diamander\Downloads\2021.05.27 Optimum Diagnostic LOP.docx.pdf
2021-05-27 14:37 - 2021-05-27 14:37 - 000102749 _____ C:\Users\diamander\Downloads\Jang Won So UIM Retainer.pdf
2021-05-27 13:03 - 2021-05-27 13:03 - 000075451 _____ C:\Users\diamander\Downloads\Vital-breedy Consent Order.docx.pdf
2021-05-27 12:51 - 2021-05-27 12:51 - 000269275 _____ C:\Users\diamander\Downloads\Case Results - 7224Omar Ait-Salih(1).pdf
2021-05-27 10:08 - 2021-05-27 10:08 - 000268001 _____ C:\Users\diamander\Downloads\Case Results - 7224Omar Ait-Salih.pdf
2021-05-27 10:06 - 2021-05-27 10:06 - 000048464 _____ C:\Users\diamander\Downloads\sqinv-Mike-Lee-7224.pdf
2021-05-26 15:29 - 2021-05-26 15:29 - 000445131 _____ C:\Users\diamander\Downloads\2019.11.24 Lopez, Jose Stand Up MRI of Bronx.pdf
2021-05-26 15:10 - 2021-05-26 15:10 - 000285239 _____ C:\Users\diamander\Downloads\2021.03.17_Wilson Orthopaedics INVOICE.pdf
2021-05-26 14:37 - 2021-05-26 14:37 - 000734929 _____ C:\Users\diamander\Desktop\2021.05.26 Insureds Confirmation from Adjsuter.pdf
2021-05-26 14:14 - 2021-05-26 14:14 - 000087235 _____ C:\Users\diamander\Downloads\PRIOR Ortho Evals.pdf
2021-05-26 14:13 - 2021-05-26 14:13 - 000238916 _____ C:\Users\diamander\Downloads\PRIOR Diagnostics.pdf
2021-05-26 14:10 - 2021-05-26 14:10 - 000062567 _____ C:\Users\diamander\Downloads\2021.04.13 Rover Note.pdf
2021-05-26 13:55 - 2021-05-26 13:55 - 001363907 _____ C:\Users\diamander\Desktop\Police Report.pdf
2021-05-26 13:03 - 2021-05-26 13:03 - 000058240 _____ C:\Users\diamander\Downloads\2021.05.14 New Doctor.pdf
2021-05-26 10:45 - 2021-05-26 10:45 - 001511472 _____ C:\Users\diamander\Downloads\PR1.jpeg
2021-05-26 10:45 - 2021-05-26 10:45 - 001096918 _____ C:\Users\diamander\Downloads\PR2.jpeg
2021-05-26 10:43 - 2021-05-26 10:43 - 000268618 _____ C:\Users\diamander\Downloads\Case Results - 6969Joseph Williams A(1).pdf
2021-05-26 10:05 - 2021-05-26 10:05 - 000452834 _____ C:\Users\diamander\Downloads\2021.05.24 Paul Ciox 69.00.pdf
2021-05-26 10:05 - 2021-05-26 10:05 - 000452834 _____ C:\Users\diamander\Downloads\2021.05.24 Ariza Ciox 43.20.pdf
2021-05-26 10:04 - 2021-05-26 10:04 - 000347656 _____ C:\Users\diamander\Downloads\2021.05.24 Ciox 21.40.pdf
2021-05-26 10:03 - 2021-05-26 10:03 - 000305702 _____ C:\Users\diamander\Desktop\2021.05.26 Dep Payment 290.50.pdf
2021-05-25 16:46 - 2021-05-25 16:46 - 000685942 _____ C:\Users\diamander\Downloads\Jong H Kim Records Choi.pdf
2021-05-25 16:45 - 2021-05-25 16:48 - 001663005 _____ C:\Users\diamander\Downloads\Seung H Choi Evaluations.pdf
2021-05-25 16:45 - 2021-05-25 16:45 - 000343166 _____ C:\Users\diamander\Downloads\CHOI SEUNG H 06152020 07152020.pdf
2021-05-25 16:45 - 2021-05-25 16:45 - 000306555 _____ C:\Users\diamander\Downloads\PT 07282020 08042020END.pdf
2021-05-25 16:45 - 2021-05-25 16:45 - 000301726 _____ C:\Users\diamander\Downloads\CHOI SEUNG H 12022020 01122021.pdf
2021-05-25 16:45 - 2021-05-25 16:45 - 000089155 _____ C:\Users\diamander\Downloads\Affinity MRIs.pdf
2021-05-25 16:37 - 2021-05-25 16:37 - 001181737 _____ C:\Users\diamander\Downloads\Chung S Kim Retainer.pdf
2021-05-25 16:22 - 2021-05-25 16:22 - 000102151 _____ C:\Users\diamander\Downloads\PI Retainer Agreement(1).pdf
2021-05-25 15:20 - 2021-05-25 15:20 - 000064476 _____ C:\Users\diamander\Downloads\HIPAA Auth Blank.pdf
2021-05-25 15:13 - 2021-05-25 15:13 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-25 15:13 - 2021-05-25 15:13 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-25 15:12 - 2021-05-25 15:13 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-25 15:12 - 2021-05-25 15:12 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-25 13:10 - 2021-05-25 13:11 - 000181766 _____ C:\Users\diamander\Downloads\59948.pdf
2021-05-25 13:09 - 2021-05-25 13:09 - 000057641 _____ C:\Users\diamander\Downloads\Jung Kim BI Release.pdf
2021-05-25 13:07 - 2021-05-25 13:09 - 000050980 _____ C:\Users\diamander\Downloads\Jung Kim UIM Release.pdf
2021-05-25 12:54 - 2021-05-25 12:54 - 000800876 _____ C:\Users\diamander\Downloads\04-08-21 - Griffiths v Slater - Hana Griffiths.pdf
2021-05-25 12:54 - 2021-05-25 12:54 - 000592964 _____ C:\Users\diamander\Downloads\04-08-21 - Griffiths v Slater - Rebecca Slater.pdf
2021-05-25 12:54 - 2021-05-25 12:54 - 000373150 _____ C:\Users\diamander\Downloads\04-08-21 - Griffiths, Hana vs Slater, Rebecca and Slater, Chialing - Exhibits.pdf
2021-05-25 12:54 - 2021-05-25 12:54 - 000149189 _____ C:\Users\diamander\Downloads\04-08-21 - Griffiths v Slater - Hana Griffiths - MINI.pdf
2021-05-25 12:54 - 2021-05-25 12:54 - 000108146 _____ C:\Users\diamander\Downloads\04-08-21 - Griffiths v Slater - Rebecca Slater - MINI.pdf
2021-05-25 12:54 - 2021-05-25 12:54 - 000088326 _____ C:\Users\diamander\Downloads\Griffiths vs. Slater Invoice for NAJIB'S OFFICE 4.8.21.pdf
2021-05-25 12:53 - 2021-05-25 12:53 - 001135308 _____ C:\Users\diamander\Downloads\RepositoryMultipleFiles_21525125326.zip
2021-05-25 12:53 - 2021-05-25 12:53 - 000052443 _____ C:\Users\diamander\Downloads\Barker Supp Rogs.pdf
2021-05-25 12:52 - 2021-05-25 12:53 - 000072095 _____ C:\Users\diamander\Downloads\Barker NTP.pdf
2021-05-25 12:52 - 2021-05-25 12:52 - 000054774 _____ C:\Users\diamander\Downloads\Barker Letter.pdf
2021-05-25 10:15 - 2021-05-25 10:15 - 003303045 _____ C:\Users\diamander\Downloads\Family Psych & Therapy.pdf
2021-05-25 10:14 - 2021-05-25 10:14 - 000106664 _____ C:\Users\diamander\Downloads\P A T I E N T L E D G E R S - ROSALIA ARIZA.pdf
2021-05-24 16:34 - 2021-05-24 16:34 - 000591808 _____ C:\Users\diamander\Downloads\Norat Hipaa Family Psych.pdf
2021-05-24 16:18 - 2021-05-24 16:18 - 000102151 _____ C:\Users\diamander\Downloads\PI Retainer Agreement.pdf
2021-05-24 10:21 - 2021-05-24 10:21 - 000086969 _____ C:\Users\diamander\Downloads\fax-out1621347368-confirmation.pdf
2021-05-24 10:16 - 2021-05-24 10:16 - 000090129 _____ C:\Users\diamander\Downloads\2021.05.24 PIP application to Adjuster.pdf
2021-05-21 16:37 - 2021-05-21 16:37 - 000094412 _____ C:\Users\diamander\Downloads\2021.05.21 Settlement Demand Shin, Joonhee.pdf
2021-05-21 16:07 - 2021-05-21 16:07 - 000062437 _____ C:\Users\diamander\Downloads\2021.05.21 LOR to GEICO for Denial.pdf
2021-05-21 16:07 - 2021-05-21 16:07 - 000062108 _____ C:\Users\diamander\Downloads\2021.05.21 LOR to GEICO for Denial(1).pdf
2021-05-21 15:39 - 2021-05-21 15:39 - 000715086 _____ C:\Users\diamander\Downloads\Pena PIP Application.pdf
2021-05-21 13:27 - 2021-05-21 13:28 - 006155894 _____ C:\Users\diamander\Downloads\Ariza, R. #2.pdf
2021-05-21 13:27 - 2021-05-21 13:28 - 000230960 _____ C:\Users\diamander\Downloads\Ariza, R. #1.pdf
2021-05-21 13:17 - 2021-05-21 13:17 - 000764946 _____ C:\Users\diamander\Downloads\1.pdf
2021-05-21 13:11 - 2021-05-21 13:11 - 000216795 _____ C:\Users\diamander\Downloads\Ariza, Rosalia 11-30-20.pdf
2021-05-21 12:24 - 2021-05-21 12:24 - 000300368 _____ C:\Users\diamander\Downloads\2021.05.21 Zirger Receipt Confirmation.pdf
2021-05-21 12:04 - 2021-05-21 12:04 - 000116467 _____ C:\Users\diamander\Downloads\1620915623.pdf
2021-05-21 11:37 - 2021-05-21 11:37 - 000213433 _____ C:\Users\diamander\Downloads\Mag Wear LLC.pdf
2021-05-21 11:22 - 2021-05-21 11:22 - 000035131 _____ C:\Users\diamander\Downloads\Moon POA.pdf
2021-05-21 10:50 - 2021-05-21 10:50 - 000069674 _____ C:\Users\diamander\Downloads\2021.06.17 Ortho Surgery IME.pdf
2021-05-21 09:54 - 2021-05-26 10:46 - 002784455 _____ C:\Users\diamander\Downloads\Police Report.pdf
2021-05-21 09:35 - 2021-05-21 09:35 - 000171656 _____ C:\Users\diamander\Downloads\fax-10387858.pdf
2021-05-21 09:31 - 2021-05-21 09:31 - 000311095 _____ C:\Users\diamander\Downloads\2021.02.19 Spencer BI Letter.pdf
2021-05-20 15:20 - 2021-05-20 15:20 - 000069674 _____ C:\Users\diamander\Downloads\fax-10375769.pdf
2021-05-20 14:10 - 2021-05-20 14:10 - 000141102 _____ C:\Users\diamander\Downloads\fax-10367244.pdf
2021-05-20 13:08 - 2021-05-20 13:08 - 000070883 _____ C:\Users\diamander\Downloads\1620927524.pdf
2021-05-20 11:21 - 2021-05-20 11:21 - 000268618 _____ C:\Users\diamander\Downloads\Case Results - 6969Joseph Williams A.pdf
2021-05-20 11:20 - 2021-05-20 11:20 - 000048614 _____ C:\Users\diamander\Downloads\sqinv-Mike-Lee-6969.pdf
2021-05-20 10:05 - 2021-05-20 10:06 - 000710393 _____ C:\Users\diamander\Downloads\fax-10355143.pdf
2021-05-20 10:05 - 2021-05-20 10:05 - 002286877 _____ C:\Users\diamander\Downloads\fax-10320337.pdf
2021-05-20 10:05 - 2021-05-20 10:05 - 000178530 _____ C:\Users\diamander\Downloads\fax-10319414.pdf
2021-05-20 09:58 - 2021-05-20 09:58 - 000072604 _____ C:\Users\diamander\Downloads\williams invoice.pdf
2021-05-19 13:29 - 2021-05-19 13:29 - 006770079 _____ C:\Users\diamander\Downloads\Kwon Specials Attachments.pdf
2021-05-19 13:29 - 2021-05-19 13:29 - 000118929 _____ C:\Users\diamander\Downloads\Kwon BI Specials.docx.pdf
2021-05-15 14:34 - 2021-05-15 14:34 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2021-05-12 09:06 - 2021-05-12 09:06 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-12 09:06 - 2021-05-12 09:06 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-12 09:06 - 2021-05-12 09:06 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-12 09:06 - 2021-05-12 09:06 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-12 09:06 - 2021-05-12 09:06 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-12 09:06 - 2021-05-12 09:06 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-12 09:06 - 2021-05-12 09:06 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-12 09:06 - 2021-05-12 09:06 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-12 09:06 - 2021-05-12 09:06 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-12 09:06 - 2021-05-12 09:06 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-12 09:05 - 2021-05-12 09:05 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-12 09:05 - 2021-05-12 09:05 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-06 22:32 - 2021-05-06 22:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-05-04 03:42 - 2021-05-04 03:58 - 000000000 ____D C:\Users\diamander\AppData\Local\T2GP Launcher
2021-05-04 03:42 - 2021-05-04 03:42 - 000000000 ____D C:\Users\diamander\AppData\Roaming\T2GP Launcher
2021-05-03 23:32 - 2021-05-03 23:32 - 000000222 _____ C:\Users\diamander\Desktop\The Witcher 3 Wild Hunt.url

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-28 11:53 - 2021-04-04 15:38 - 000000000 ____D C:\Users\diamander\AppData\Local\LGHUB
2021-05-28 11:51 - 2020-09-07 02:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-28 11:51 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-28 11:29 - 2018-07-06 21:00 - 000000000 ____D C:\Users\diamander\AppData\Roaming\discord
2021-05-28 11:09 - 2018-07-06 21:00 - 000000000 ____D C:\Users\diamander\AppData\Local\Discord
2021-05-28 09:04 - 2020-09-07 02:20 - 001467472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-28 09:04 - 2020-09-07 00:37 - 000499648 _____ C:\WINDOWS\system32\perfh012.dat
2021-05-28 09:04 - 2020-09-07 00:37 - 000134470 _____ C:\WINDOWS\system32\perfc012.dat
2021-05-28 09:04 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-28 09:00 - 2020-12-15 15:13 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-05-28 09:00 - 2020-12-15 15:13 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-05-28 08:59 - 2018-06-27 21:24 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-28 08:58 - 2020-03-01 10:57 - 000000000 ____D C:\Users\diamander\AppData\Roaming\LGHUB
2021-05-28 08:58 - 2019-02-10 01:31 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-28 08:57 - 2021-03-24 12:05 - 000000000 ____D C:\Program Files\LGHUB
2021-05-28 08:57 - 2020-09-07 02:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-28 08:57 - 2020-09-07 02:13 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-28 08:57 - 2019-01-24 18:40 - 000000000 ____D C:\Users\diamander\AppData\LocalLow\Mozilla
2021-05-28 00:29 - 2019-12-07 05:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2021-05-27 23:53 - 2018-06-28 18:08 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-27 17:50 - 2018-07-14 19:33 - 000000000 ____D C:\Users\diamander\AppData\Local\D3DSCache
2021-05-27 09:10 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-27 09:10 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-27 08:58 - 2018-06-28 12:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-26 22:10 - 2020-04-30 20:13 - 000000000 ____D C:\Users\diamander\AppData\Local\Spotify
2021-05-26 21:49 - 2020-04-30 20:13 - 000000000 ____D C:\Users\diamander\AppData\Roaming\Spotify
2021-05-26 19:42 - 2021-03-05 15:30 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-25 15:13 - 2020-08-07 20:11 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-22 14:55 - 2018-06-30 21:24 - 000000000 ____D C:\Users\diamander\Documents\The Witcher 3
2021-05-21 19:42 - 2020-06-15 20:54 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-19 19:09 - 2018-06-28 12:36 - 000000000 ____D C:\Users\diamander\AppData\Local\CrashDumps
2021-05-19 00:07 - 2018-10-16 23:35 - 000000000 ____D C:\ProgramData\Riot Games
2021-05-18 14:24 - 2020-01-24 13:52 - 000000000 ____D C:\Users\diamander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-05-17 17:58 - 2018-06-28 18:09 - 000000000 ____D C:\Users\diamander\AppData\Local\Battle.net
2021-05-15 14:34 - 2019-02-22 18:30 - 000000000 ____D C:\Program Files\Private Internet Access
2021-05-14 17:26 - 2018-06-28 18:09 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-05-13 09:03 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-13 00:01 - 2020-09-07 02:13 - 000296392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-13 00:01 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-13 00:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-12 23:10 - 2020-12-15 15:11 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-05-12 23:10 - 2020-12-15 15:11 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-05-12 09:07 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-12 09:07 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 09:00 - 2018-06-28 12:38 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-12 09:00 - 2018-06-28 12:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-08 12:07 - 2021-04-04 15:37 - 000000000 ____D C:\ProgramData\LGHUB
2021-05-06 23:03 - 2020-11-09 13:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-06 23:03 - 2019-01-24 18:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-06 22:32 - 2019-01-24 18:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-06 21:33 - 2018-07-05 18:50 - 000000000 ____D C:\Users\diamander\AppData\Roaming\Twitch
2021-05-03 23:39 - 2020-09-03 19:02 - 000000000 ____D C:\Users\diamander\AppData\Roaming\EasyAntiCheat
2021-05-03 20:37 - 2020-08-22 00:24 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2019-06-29 11:52 - 2019-06-29 11:52 - 000000000 _____ () C:\Users\diamander\AppData\Local\D21134.tmp
2019-06-17 18:03 - 2019-06-17 18:03 - 000000000 _____ () C:\Users\diamander\AppData\Local\D211D7.tmp
2019-06-17 17:56 - 2019-06-17 17:56 - 000000000 _____ () C:\Users\diamander\AppData\Local\D21445.tmp
2019-06-27 23:47 - 2019-06-27 23:47 - 000000000 _____ () C:\Users\diamander\AppData\Local\D21511.tmp
2019-06-16 23:43 - 2019-06-16 23:43 - 000000000 _____ () C:\Users\diamander\AppData\Local\D215BE.tmp
2019-06-23 23:38 - 2019-06-23 23:38 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2171F.tmp
2019-06-15 12:06 - 2019-06-15 12:06 - 000000000 _____ () C:\Users\diamander\AppData\Local\D21908.tmp
2019-06-29 19:13 - 2019-06-29 19:13 - 000000000 _____ () C:\Users\diamander\AppData\Local\D21955.tmp
2019-06-30 13:00 - 2019-06-30 13:00 - 000000000 _____ () C:\Users\diamander\AppData\Local\D21CFE.tmp
2019-06-16 18:53 - 2019-06-16 18:53 - 000000000 _____ () C:\Users\diamander\AppData\Local\D22345.tmp
2019-06-27 21:26 - 2019-06-27 21:26 - 000000000 _____ () C:\Users\diamander\AppData\Local\D223F9.tmp
2019-06-20 12:43 - 2019-06-20 12:43 - 000000000 _____ () C:\Users\diamander\AppData\Local\D228F1.tmp
2019-06-28 00:31 - 2019-06-28 00:31 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2324B.tmp
2019-06-30 23:42 - 2019-06-30 23:42 - 000000000 _____ () C:\Users\diamander\AppData\Local\D237E6.tmp
2019-06-22 09:46 - 2019-06-22 09:46 - 000000000 _____ () C:\Users\diamander\AppData\Local\D23A40.tmp
2019-06-23 22:07 - 2019-06-23 22:07 - 000000000 _____ () C:\Users\diamander\AppData\Local\D23EFC.tmp
2019-06-24 12:25 - 2019-06-24 12:25 - 000000000 _____ () C:\Users\diamander\AppData\Local\D23FE6.tmp
2019-06-19 20:24 - 2019-06-19 20:24 - 000000000 _____ () C:\Users\diamander\AppData\Local\D240E3.tmp
2019-06-23 20:06 - 2019-06-23 20:06 - 000000000 _____ () C:\Users\diamander\AppData\Local\D24215.tmp
2019-06-15 12:28 - 2019-06-15 12:28 - 000000000 _____ () C:\Users\diamander\AppData\Local\D246ED.tmp
2019-06-26 17:36 - 2019-06-26 17:36 - 000000000 _____ () C:\Users\diamander\AppData\Local\D24888.tmp
2019-06-15 16:07 - 2019-06-15 16:07 - 000000000 _____ () C:\Users\diamander\AppData\Local\D24A3C.tmp
2019-06-30 15:49 - 2019-06-30 15:49 - 000000000 _____ () C:\Users\diamander\AppData\Local\D24F5C.tmp
2019-06-17 17:49 - 2019-06-17 17:49 - 000000000 _____ () C:\Users\diamander\AppData\Local\D24F6C.tmp
2019-06-20 21:06 - 2019-06-20 21:06 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2528D.tmp
2019-06-16 19:57 - 2019-06-16 19:57 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2541B.tmp
2019-06-30 18:11 - 2019-06-30 18:11 - 000000000 _____ () C:\Users\diamander\AppData\Local\D256A7.tmp
2019-06-23 13:01 - 2019-06-23 13:01 - 000000000 _____ () C:\Users\diamander\AppData\Local\D259C7.tmp
2019-06-19 21:25 - 2019-06-19 21:25 - 000000000 _____ () C:\Users\diamander\AppData\Local\D25A7A.tmp
2019-06-30 18:22 - 2019-06-30 18:22 - 000000000 _____ () C:\Users\diamander\AppData\Local\D25B0B.tmp
2019-06-25 17:29 - 2019-06-25 17:29 - 000000000 _____ () C:\Users\diamander\AppData\Local\D25EC5.tmp
2019-06-23 19:44 - 2019-06-23 19:44 - 000000000 _____ () C:\Users\diamander\AppData\Local\D25F06.tmp
2019-06-24 19:38 - 2019-06-24 19:38 - 000000000 _____ () C:\Users\diamander\AppData\Local\D25F4A.tmp
2019-06-26 20:47 - 2019-06-26 20:47 - 000000000 _____ () C:\Users\diamander\AppData\Local\D26472.tmp
2019-06-18 12:25 - 2019-06-18 12:25 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2649E.tmp
2019-06-15 22:51 - 2019-06-15 22:51 - 000000000 _____ () C:\Users\diamander\AppData\Local\D26629.tmp
2019-06-20 21:06 - 2019-06-20 21:06 - 000000000 _____ () C:\Users\diamander\AppData\Local\D266A3.tmp
2019-06-28 18:58 - 2019-06-28 18:58 - 000000000 _____ () C:\Users\diamander\AppData\Local\D26B62.tmp
2019-06-15 19:19 - 2019-06-15 19:19 - 000000000 _____ () C:\Users\diamander\AppData\Local\D26BE5.tmp
2019-06-23 19:43 - 2019-06-23 19:43 - 000000000 _____ () C:\Users\diamander\AppData\Local\D26D81.tmp
2019-06-22 16:11 - 2019-06-22 16:11 - 000000000 _____ () C:\Users\diamander\AppData\Local\D27407.tmp
2019-06-26 23:01 - 2019-06-26 23:01 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2754F.tmp
2019-06-23 18:20 - 2019-06-23 18:20 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2768A.tmp
2019-06-30 23:09 - 2019-06-30 23:09 - 000000000 _____ () C:\Users\diamander\AppData\Local\D27704.tmp
2019-06-22 12:57 - 2019-06-22 12:57 - 000000000 _____ () C:\Users\diamander\AppData\Local\D27D60.tmp
2019-06-22 22:15 - 2019-06-22 22:15 - 000000000 _____ () C:\Users\diamander\AppData\Local\D27EB5.tmp
2019-06-17 18:03 - 2019-06-17 18:03 - 000000000 _____ () C:\Users\diamander\AppData\Local\D282F0.tmp
2019-06-28 12:19 - 2019-06-28 12:19 - 000000000 _____ () C:\Users\diamander\AppData\Local\D28368.tmp
2019-06-24 17:43 - 2019-06-24 17:43 - 000000000 _____ () C:\Users\diamander\AppData\Local\D284A8.tmp
2019-06-21 12:25 - 2019-06-21 12:25 - 000000000 _____ () C:\Users\diamander\AppData\Local\D284EF.tmp
2019-06-23 19:44 - 2019-06-23 19:44 - 000000000 _____ () C:\Users\diamander\AppData\Local\D28617.tmp
2019-06-29 19:49 - 2019-06-29 19:49 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2863D.tmp
2019-06-16 01:14 - 2019-06-16 01:14 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2865C.tmp
2019-06-19 08:23 - 2019-06-19 08:23 - 000000000 _____ () C:\Users\diamander\AppData\Local\D28741.tmp
2019-06-27 17:14 - 2019-06-27 17:14 - 000000000 _____ () C:\Users\diamander\AppData\Local\D28ACB.tmp
2019-06-25 12:08 - 2019-06-25 12:08 - 000000000 _____ () C:\Users\diamander\AppData\Local\D28CEE.tmp
2019-06-19 17:37 - 2019-06-19 17:37 - 000000000 _____ () C:\Users\diamander\AppData\Local\D28E3.tmp
2019-06-21 18:01 - 2019-06-21 18:01 - 000000000 _____ () C:\Users\diamander\AppData\Local\D28E46.tmp
2019-07-02 12:30 - 2019-07-02 12:30 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2900D.tmp
2019-07-01 08:34 - 2019-07-01 08:34 - 000000000 _____ () C:\Users\diamander\AppData\Local\D291EF.tmp
2019-06-17 12:28 - 2019-06-17 12:28 - 000000000 _____ () C:\Users\diamander\AppData\Local\D293F6.tmp
2019-06-30 21:46 - 2019-06-30 21:46 - 000000000 _____ () C:\Users\diamander\AppData\Local\D29505.tmp
2019-06-18 07:45 - 2019-06-18 07:45 - 000000000 _____ () C:\Users\diamander\AppData\Local\D29A4C.tmp
2019-06-18 08:43 - 2019-06-18 08:43 - 000000000 _____ () C:\Users\diamander\AppData\Local\D29B84.tmp
2019-07-01 12:21 - 2019-07-01 12:21 - 000000000 _____ () C:\Users\diamander\AppData\Local\D29D68.tmp
2019-06-26 12:15 - 2019-06-26 12:15 - 000000000 _____ () C:\Users\diamander\AppData\Local\D29D7B.tmp
2019-06-29 16:52 - 2019-06-29 16:52 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2A532.tmp
2019-06-22 18:44 - 2019-06-22 18:44 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2A9EC.tmp
2019-06-27 18:18 - 2019-06-27 18:18 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2AE51.tmp
2019-06-20 17:46 - 2019-06-20 17:46 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2AEA9.tmp
2019-07-01 23:26 - 2019-07-01 23:26 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2AEF7.tmp
2019-06-16 23:58 - 2019-06-16 23:58 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2B1B0.tmp
2019-06-16 20:17 - 2019-06-16 20:17 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2B37C.tmp
2019-06-26 17:15 - 2019-06-26 17:15 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2B53E.tmp
2019-06-18 17:28 - 2019-06-18 17:28 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2B634.tmp
2019-06-27 19:40 - 2019-06-27 19:40 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2B6DF.tmp
2019-06-16 10:40 - 2019-06-16 10:40 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2B8EF.tmp
2019-06-29 18:11 - 2019-06-29 18:11 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2B90A.tmp
2019-06-30 17:52 - 2019-06-30 17:52 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2BA79.tmp
2019-06-23 22:36 - 2019-06-23 22:36 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2C2F3.tmp
2019-06-16 21:47 - 2019-06-16 21:47 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2C494.tmp
2019-06-22 13:41 - 2019-06-22 13:41 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2CB30.tmp
2019-06-16 22:22 - 2019-06-16 22:22 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2CC39.tmp
2019-06-24 08:45 - 2019-06-24 08:45 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2CC97.tmp
2019-06-25 00:07 - 2019-06-25 00:07 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2D0C4.tmp
2019-06-22 12:05 - 2019-06-22 12:05 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2D51F.tmp
2019-06-19 21:17 - 2019-06-19 21:17 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2D5B7.tmp
2019-06-28 18:04 - 2019-06-28 18:04 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2D867.tmp
2019-06-30 21:01 - 2019-06-30 21:01 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2E14.tmp
2019-06-24 21:09 - 2019-06-24 21:09 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2E147.tmp
2019-06-29 21:06 - 2019-06-29 21:06 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2E8AB.tmp
2019-06-15 21:40 - 2019-06-15 21:40 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2F068.tmp
2019-07-01 17:27 - 2019-07-01 17:27 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2FC2D.tmp
2019-06-27 12:37 - 2019-06-27 12:37 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2FD7F.tmp
2019-06-29 12:45 - 2019-06-29 12:45 - 000000000 _____ () C:\Users\diamander\AppData\Local\D2FDA3.tmp
2019-06-29 20:29 - 2020-03-26 19:22 - 000005632 _____ () C:\Users\diamander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-12-15 15:11 - 2020-12-15 15:11 - 000000410 _____ () C:\Users\diamander\AppData\Local\oobelibMkey.log
2020-10-13 14:09 - 2020-10-13 14:09 - 000002227 _____ () C:\Users\diamander\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt (attached)


No active infections can be seen from the provided logs ...!!!

SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire about the current security-update status of some applications.

  • Download SecurityCheck by glax24 from here and save the tool on the desktop.
  • If Windows's SmartScreen blocks it with a message window, click on the MORE INFO spot, override it and allow it to proceed.
  • This tool is safe. SmartScreen is overly sensitive.
  • Right-click with your mouse on SecurityCheck.exe and select "Run as administrator", then reply YES to allow it to run and go forward.
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Control scan:

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

I ran the ESET Scanner, which did not detect any threats. Here's the log below:

5/29/2021 7:07:53 AM
Files scanned: 480579
Detected files: 0
Cleaned files: 0
Total scan time: 00:24:17
Scan status: Finished


Wonderful ..! Your system is clean ..! I think we should finish:

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.


Thank you again for all your help. Please find the contents of the KpRm below:


# Run at 5/30/2021 3:35:39 PM
# KpRm (Kernel-panik) version 2.9
# Website https://kernel-panik.me/tool/kprm/
# Run by diamander from C:\Users\diamander\Desktop
# Computer Name: DESKTOP-D68JEBC
# OS: Windows 10 X64 (19042)
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Create Registry Backup -

   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\diamander\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2021-05-30-15-35-39

- Delete Tools -


  ## ESET Online Scanner
     [OK] C:\Users\diamander\Desktop\esetonlinescanner.exe deleted
     [OK] C:\Users\diamander\AppData\Local\ESET\ESETOnlineScanner deleted

  ## FRST
     [OK] C:\FRST deleted

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Scheduled Checkpoint created at 05/11/2021 13:08:47 deleted
   ~ [OK] RP named Scheduled Checkpoint created at 05/20/2021 13:02:20 deleted
   ~ [OK] RP named Scheduled Checkpoint created at 05/29/2021 18:16:01 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 05/30/2021 19:35:47

-- KPRM finished in 19.18s --


Root Admin (4 weeks later):

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

This topic is now closed to further replies.