
web browsing RTP - Trojan detected, outbound



So I was browsing around on the web looking for a ROM for an emulator, and I went to one site and it was immediately blocked as a Trojan attempt. I did a scan (nothing came up); now I'm doing a deep scan with rootkit scanning enabled. I then ran AdwCleaner and nothing came up.

Here is the MBAM log.

Any help in determining if my system is infected or not is appreciated.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/4/21
Protection Event Time: 3:38 PM
Log File: 7b44ab02-c56c-11eb-9306-18c04d7301d3.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1308
Update Package Version: 1.0.41305
License: Premium

-System Information-
OS: Windows 10 (Build 19043.985)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: romhustler.org
IP Address: 104.21.75.146
Port: 443
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe

(end)

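As an added example (not code from the post, and not Malwarebytes' own tooling), here is a small Python parser for the protection-event log format pasted above. It reads the "-Section-" / "Key: Value" layout, pulls out the Website Data block, and labels the event by which process made the connection. In the log above the File is chrome.exe and the Type is Outbound, which is Malwarebytes' Web Protection refusing the browser's own connection to the flagged domain, as opposed to a file being detected on disk. The second sample is a constructed variant with a hypothetical non-browser path, to show the case that would warrant a closer look. The browser list and the verdict strings are my choices, not Malwarebytes conventions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, Optional

# Excerpt of the Malwarebytes protection-event log pasted in the post above
# (software/system sections omitted; the block rows are copied verbatim).
MBAM_LOG = r"""
-Log Details-
Protection Event Date: 6/4/21
Protection Event Time: 3:38 PM

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: romhustler.org
IP Address: 104.21.75.146
Port: 443
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe

(end)
"""

# Constructed variant, not from the post: the same block attributed to an
# executable under AppData. The path is hypothetical, for illustration only.
NON_BROWSER_LOG = MBAM_LOG.replace(
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\Users\example\AppData\Roaming\svc_update.exe")

# Interactive browsers: a block attributed to one of these is a stopped page
# or resource load, not a detection of a file on disk. (My list, an assumption.)
BROWSER_EXES = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe",
                "opera.exe", "brave.exe"}


def parse_sections(text: str) -> Dict[str, Dict]:
    """Split an MBAM text log into {section: {key: value}}. Headers look like
    "-Website Data-", body lines like "Key: Value"; lines without a key (the
    comma-separated detail row) go under "_rows". Parsing stops at "(end)"."""
    sections: Dict[str, Dict] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "(end)":
            break
        header = re.fullmatch(r"-([A-Za-z ]+)-", line)
        if header:
            current = header.group(1)
            sections[current] = {}
        elif current and line:
            key, sep, value = line.partition(": ")
            if sep:
                sections[current][key.strip()] = value.strip()
            else:
                sections[current].setdefault("_rows", []).append(line)
    return sections


@dataclass(frozen=True)
class WebBlock:
    when: str
    category: str
    domain: str
    ip: str
    port: int
    direction: str   # "Outbound" or "Inbound" as MBAM reports it
    process: str     # full path of the process whose connection was refused

    @property
    def process_name(self) -> str:
        return PureWindowsPath(self.process).name.lower()

    @property
    def browser_initiated(self) -> bool:
        return self.process_name in BROWSER_EXES

    @property
    def verdict(self) -> str:
        """Triage label: who made the connection decides what to look at next."""
        if self.direction.lower() == "inbound":
            return "inbound connection from flagged host blocked"
        if self.browser_initiated:
            return "browser-initiated outbound block"   # a page load was stopped
        return "non-browser outbound block"             # find out what the process is


def parse_web_block(text: str) -> Optional[WebBlock]:
    """Return the web-protection event in an MBAM log, or None if it has none."""
    s = parse_sections(text)
    data = s.get("Website Data")
    if not data:
        return None
    d = s.get("Log Details", {})
    return WebBlock(
        when=f"{d.get('Protection Event Date', '?')} {d.get('Protection Event Time', '?')}",
        category=data.get("Category", "?"),
        domain=data.get("Domain", "?"),
        ip=data.get("IP Address", "?"),
        port=int(data.get("Port", "0")),
        direction=data.get("Type", "?"),
        process=data.get("File", "?"),
    )
```

Running `parse_web_block(MBAM_LOG).verdict` on the posted log gives "browser-initiated outbound block"; the constructed variant gives "non-browser outbound block", which is the case where the process behind the connection, not the website, is the thing to investigate.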

FRST LOGS

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-06-2021
Ran by Eric (administrator) on DESKTOP-G3UFN9C (Gigabyte Technology Co., Ltd. B450M DS3H V2) (04-06-2021 17:59:58)
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric & eric2
Platform: Windows 10 Pro Version 21H1 19043.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe <2>
(June Fabrics Technology Inc. -> ) C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe <2>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <36>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\NVDisplay.Container.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
0 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeApp.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1827097913-1817216829-3116216233-1001\...\MountPoints2: {0c784704-b85f-11eb-820a-806e6f6e6963} - "F:\install.EXE" id= ver=1.0.0.0
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2021-05-19]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (June Fabrics Technology Inc. -> )
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-1827097913-1817216829-3116216233-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {250F3461-64B2-495C-A33D-3184B03AE3B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-24] (Google LLC -> Google LLC)
Task: {4A5AC437-92D3-4C60-B1AD-F935812CBB14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4C92780D-CA0A-4094-A5CE-204614AF45FF} - System32\Tasks\Intelligent StandbyList Cleaner => C:\Users\Eric\Desktop\Adamx Windows 10 Optimization Pack\9 Latency (Timer Resolution + Memory Cleaning)\Intelligent Standby List Cleaner\Intelligent standby list cleaner ISLC.exe
Task: {560A2C48-FF85-4135-8326-2C07CAAEE17A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6942A443-2390-4A6B-948E-1A67BE9EAD9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-24] (Google LLC -> Google LLC)
Task: {B27A6B95-FC8C-4742-BCFB-F26A27A09EA1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF587FC7-3DF6-4FCA-A0C3-D781AC71D381} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1827097913-1817216829-3116216233-1002 => C:\Users\Eric\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {D8C3918A-63D2-47FE-AD34-7CC0C4C424A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-19] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{052ec528-3413-4830-8f61-0ac074bdef63}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{22a340e5-4452-4e54-8839-53ffafbb4de5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{36486400-86ac-433d-8d6a-2254c45a12f6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{99d5bc22-483e-40a4-8586-f8204b79094f}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{9cd26d0f-460c-437f-b867-8492226c8f3b}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{dc29e276-2a16-44d7-8e6b-c15ff6bfc643}: [DhcpNameServer] 192.168.42.129

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Eric\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-04]

FireFox:
========
FF DefaultProfile: 7yqjs7pp.default
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7yqjs7pp.default [2021-05-19]
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\lid15chk.default-release [2021-05-26]
FF Extension: (uBlock Origin) - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\lid15chk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-05-19]

Chrome: 
=======
CHR Profile: C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default [2021-06-04]
CHR Extension: (Google Drive) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-24]
CHR Extension: (YouTube) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-24]
CHR Extension: (uBlock Origin) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-25]
CHR Extension: (ClearURLs) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lckanjgmijmafbedllaakclkaicjfmnk [2021-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-24]
CHR Extension: (Gmail) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-24]
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-24]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2021-06-03] (BattlEye Innovations e.K. -> )
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6646680 2021-02-19] (GlassWire -> SecureMix LLC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-24] (Malwarebytes Inc -> Malwarebytes)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCMH43XX; C:\Windows\system32\DRIVERS\AE2500w764.sys [2576632 2016-12-03] (Broadcom Corporation -> Broadcom Corporation)
S4 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [199128 2021-05-24] (Malwarebytes Inc -> Malwarebytes)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-05-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-05-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198888 2021-06-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-06-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-05-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [157944 2021-06-04] (Malwarebytes Inc -> Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [421112 2021-05-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-19] (Microsoft Windows -> Microsoft Corporation)
S4 MpKsl8f23dd7d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37897894-F7B8-4B44-B946-629BA743B150}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-04 17:59 - 2021-06-04 18:00 - 000011756 _____ C:\Users\Eric\Desktop\FRST.txt
2021-06-04 17:59 - 2021-06-04 18:00 - 000000000 ____D C:\FRST
2021-06-04 17:57 - 2021-06-04 17:58 - 002300928 _____ (Farbar) C:\Users\Eric\Desktop\FRST64.exe
2021-06-04 16:50 - 2021-06-04 16:50 - 000000000 ____D C:\Users\eric2\AppData\Local\OO Software
2021-06-04 16:44 - 2021-06-04 16:44 - 000000000 ____D C:\AdwCleaner
2021-06-04 16:43 - 2021-06-04 16:43 - 008534696 _____ (Malwarebytes) C:\Users\eric2\Downloads\adwcleaner_8.2.exe
2021-06-04 16:38 - 2021-06-04 16:38 - 000001242 _____ C:\Users\eric2\Desktop\Tibia - Shortcut.lnk
2021-06-04 16:38 - 2021-06-04 16:38 - 000000000 ____D C:\Users\eric2\AppData\Local\CipSoft GmbH
2021-06-04 16:38 - 2021-06-04 16:38 - 000000000 ____D C:\Users\eric2\AppData\Local\cache
2021-06-04 16:38 - 2021-06-04 16:38 - 000000000 ____D C:\Users\eric2\AppData\Local\BattlEye
2021-06-04 16:31 - 2021-06-04 16:31 - 000000000 ____D C:\Users\eric2\AppData\Roaming\WinRAR
2021-06-04 16:29 - 2021-06-04 16:29 - 000000000 ____D C:\Users\eric2\AppData\Local\Comms
2021-06-04 16:19 - 2021-06-04 16:26 - 000000000 ____D C:\Users\eric2\AppData\Local\Google
2021-06-04 16:18 - 2021-06-04 16:18 - 000000000 ____D C:\Users\eric2\AppData\Local\PlaceholderTileLogoFolder
2021-06-04 16:17 - 2021-06-04 16:17 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1827097913-1817216829-3116216233-1002
2021-06-04 16:17 - 2021-06-04 16:17 - 000000000 ___RD C:\Users\eric2\OneDrive
2021-06-04 16:13 - 2021-06-04 17:48 - 000000000 ____D C:\Users\eric2\AppData\Local\Packages
2021-06-04 16:13 - 2021-06-04 16:17 - 000002412 _____ C:\Users\eric2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-04 16:13 - 2021-06-04 16:17 - 000000000 ____D C:\Users\eric2
2021-06-04 16:13 - 2021-06-04 16:13 - 000000020 ___SH C:\Users\eric2\ntuser.ini
2021-06-04 16:13 - 2021-06-04 16:13 - 000000000 ___RD C:\Users\eric2\3D Objects
2021-06-04 16:13 - 2021-06-04 16:13 - 000000000 ____D C:\Users\eric2\AppData\Roaming\Adobe
2021-06-04 16:13 - 2021-06-04 16:13 - 000000000 ____D C:\Users\eric2\AppData\Local\VirtualStore
2021-06-04 16:13 - 2021-06-04 16:13 - 000000000 ____D C:\Users\eric2\AppData\Local\Publishers
2021-06-04 16:13 - 2021-06-04 16:13 - 000000000 ____D C:\Users\eric2\AppData\Local\glasswire
2021-06-04 16:13 - 2021-06-04 16:13 - 000000000 ____D C:\Users\eric2\AppData\Local\D3DSCache
2021-06-04 16:13 - 2021-06-04 16:13 - 000000000 ____D C:\Users\eric2\AppData\Local\ConnectedDevicesPlatform
2021-06-04 16:12 - 2021-06-04 16:12 - 000198888 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-06-04 16:12 - 2021-06-04 16:12 - 000157944 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-06-04 16:12 - 2021-06-04 16:12 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-06-04 14:56 - 2021-06-04 16:12 - 000000000 ____D C:\Users\Eric\AppData\Roaming\fightcade-nativefier-b096d2
2021-06-04 14:33 - 2021-06-04 14:33 - 000000765 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Fightcade2.lnk
2021-06-04 14:31 - 2021-06-04 14:33 - 000000000 ____D C:\Users\Eric\Documents\Fightcade
2021-06-04 14:21 - 2021-06-04 14:24 - 221807280 _____ C:\Users\Eric\Downloads\Fightcade-win32-latest.exe
2021-06-03 20:23 - 2021-06-03 20:23 - 000000000 ____D C:\Users\Eric\AppData\Local\CipSoft GmbH
2021-06-03 20:23 - 2021-06-03 20:23 - 000000000 ____D C:\Users\Eric\AppData\Local\cache
2021-06-03 20:22 - 2021-06-03 20:22 - 000000000 ____D C:\Users\Eric\AppData\Local\BattlEye
2021-06-03 20:19 - 2021-06-04 16:38 - 000000000 ____D C:\Users\Eric\AppData\Local\Tibia
2021-06-03 20:19 - 2021-06-03 20:19 - 008071352 _____ C:\Users\Eric\Downloads\Tibia_Setup.exe
2021-06-03 20:19 - 2021-06-03 20:19 - 000001127 _____ C:\Users\Eric\Desktop\Tibia.lnk
2021-06-03 20:19 - 2021-06-03 20:19 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia
2021-06-03 20:18 - 2021-06-03 20:18 - 000000000 ____D C:\Users\Eric\Desktop\emergency broad band
2021-05-31 12:51 - 2021-05-31 12:51 - 000000221 _____ C:\Users\Eric\Desktop\The Elder Scrolls IV Oblivion.url
2021-05-30 16:36 - 2021-05-30 16:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-05-30 16:36 - 2021-05-30 16:36 - 000000000 ____D C:\Program Files\MSBuild
2021-05-30 16:36 - 2021-05-30 16:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-05-30 16:36 - 2021-05-30 16:36 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-05-30 15:17 - 2021-05-30 15:17 - 000000223 _____ C:\Users\Eric\Desktop\DOOM 64.url
2021-05-30 14:35 - 2021-05-30 14:35 - 000000222 _____ C:\Users\Eric\Desktop\DOOM 3 BFG Edition.url
2021-05-30 14:24 - 2021-01-09 15:39 - 000002730 _____ C:\Users\Eric\Downloads\readme.txt
2021-05-30 14:24 - 2019-12-05 14:57 - 000000000 ____D C:\Users\Eric\Downloads\Master Levels of Doom
2021-05-30 14:24 - 2019-12-05 14:54 - 000000000 ____D C:\Users\Eric\Downloads\Ultimate Doom
2021-05-30 14:24 - 2019-12-05 14:54 - 000000000 ____D C:\Users\Eric\Downloads\Final Doom
2021-05-30 14:24 - 2019-12-05 14:54 - 000000000 ____D C:\Users\Eric\Downloads\Doom 2
2021-05-30 14:20 - 2021-05-30 14:20 - 001672610 _____ C:\Users\Eric\Downloads\doom_conv_patch_1.2.7z
2021-05-29 13:30 - 2021-05-30 19:31 - 000000000 ____D C:\Users\Eric\AppData\Roaming\dvdcss
2021-05-28 16:46 - 2021-05-28 16:46 - 000000000 ____D C:\Users\Eric\AppData\Local\ElevatedDiagnostics
2021-05-27 18:24 - 2021-05-27 18:24 - 000000000 ____D C:\Users\Eric\AppData\LocalLow\Bethesda Softworks
2021-05-26 08:38 - 2021-05-26 08:38 - 000000000 ____D C:\ProgramData\Oracle
2021-05-26 08:20 - 2021-06-03 20:59 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-26 08:20 - 2021-05-26 08:20 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2021-05-26 08:20 - 2021-05-26 08:20 - 000001036 _____ C:\ProgramData\Desktop\Steam.lnk
2021-05-25 10:45 - 2021-05-25 10:45 - 000000000 ____D C:\Windows\system32\appmgmt
2021-05-25 10:18 - 2021-05-25 10:18 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-05-25 10:12 - 2021-05-25 10:12 - 000000000 ____D C:\Program Files\Intel
2021-05-25 09:58 - 2021-05-25 09:58 - 000003786 _____ C:\Windows\system32\Tasks\Intelligent StandbyList Cleaner
2021-05-24 23:30 - 2021-05-25 09:53 - 000000000 ____D C:\Users\Eric\AppData\Local\authy
2021-05-24 23:30 - 2021-05-24 23:30 - 000002403 _____ C:\Users\Eric\Desktop\Authy Desktop.lnk
2021-05-24 23:30 - 2021-05-24 23:30 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2021-05-24 20:55 - 2021-05-24 20:55 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-05-24 20:55 - 2021-05-24 20:55 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-05-24 20:55 - 2021-05-24 20:55 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-05-24 20:55 - 2021-05-24 20:55 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-24 20:55 - 2021-05-24 20:55 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-24 20:55 - 2021-05-24 20:55 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-24 20:48 - 2021-05-24 20:48 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-24 20:48 - 2021-05-24 20:48 - 000002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-24 20:48 - 2021-05-24 20:48 - 000002282 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-24 20:44 - 2021-05-25 09:44 - 000003406 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-24 20:44 - 2021-05-25 09:44 - 000003182 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-24 18:41 - 2021-05-24 23:31 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Authy Desktop
2021-05-24 13:22 - 2021-05-24 13:22 - 000000000 ____D C:\Program Files\Google
2021-05-24 13:20 - 2021-05-24 13:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-05-24 13:19 - 2021-05-24 13:37 - 000000000 ____D C:\Users\Eric\AppData\Local\Google
2021-05-22 19:41 - 2021-05-31 13:23 - 000000000 ____D C:\Users\Eric\AppData\Local\RuneLite
2021-05-22 19:41 - 2021-05-22 19:41 - 000001179 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneLite.lnk
2021-05-22 19:41 - 2021-05-22 19:41 - 000001171 _____ C:\Users\Eric\Desktop\RuneLite.lnk
2021-05-22 19:20 - 2021-05-22 19:20 - 000000000 ___HD C:\$SysReset
2021-05-22 18:24 - 2021-05-22 18:24 - 000000000 ____D C:\Users\Eric\AppData\Local\NVIDIA
2021-05-22 17:55 - 2021-05-31 13:23 - 000000043 _____ C:\Users\Eric\jagex_cl_oldschool_LIVE.dat
2021-05-22 17:55 - 2021-05-31 13:23 - 000000024 _____ C:\Users\Eric\random.dat
2021-05-22 17:55 - 2021-05-22 17:55 - 000000000 ____D C:\Users\Eric\jagexcache
2021-05-22 17:54 - 2021-05-31 13:24 - 000000000 ____D C:\Users\Eric\.runelite
2021-05-22 12:59 - 2021-06-04 16:53 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-22 12:59 - 2021-05-22 13:00 - 000000000 ____D C:\Users\Eric\AppData\Local\NVIDIA Profile Inspector
2021-05-22 12:58 - 2021-05-22 12:58 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-05-21 17:03 - 2021-05-21 17:05 - 000000000 ____D C:\ProgramData\Jagex
2021-05-21 12:03 - 2021-05-30 16:21 - 000000000 ____D C:\Users\Eric\AppData\Local\CrashDumps
2021-05-21 11:56 - 2021-05-21 11:56 - 000000000 ____D C:\Users\Eric\AppData\Local\mbam
2021-05-21 11:56 - 2021-05-21 11:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-21 11:55 - 2021-05-21 11:55 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-21 11:34 - 2021-05-22 19:55 - 000000000 ____D C:\Users\Eric\AppData\Local\D3DSCache
2021-05-21 11:23 - 2021-05-21 11:23 - 000000000 ____D C:\Users\Eric\AppData\Roaming\HelloGames
2021-05-20 22:26 - 2021-05-31 12:51 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-05-20 22:05 - 2021-05-20 22:05 - 000000000 ____D C:\Users\Eric\AppData\Local\Steam
2021-05-20 22:05 - 2021-05-20 22:05 - 000000000 ____D C:\Users\Eric\AppData\Local\CEF
2021-05-20 22:01 - 2021-05-26 08:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-05-19 14:52 - 2021-05-19 14:52 - 000000000 ____D C:\Users\Eric\AppData\LocalLow\Ookla
2021-05-19 14:45 - 2021-06-04 17:18 - 000003782 __RSH C:\ProgramData\ntuser.pol
2021-05-19 12:33 - 2021-05-19 12:33 - 000000000 ____D C:\Users\Eric\AppData\Local\OO Software
2021-05-19 10:05 - 2021-05-26 11:19 - 000000000 ____D C:\Users\Eric\AppData\LocalLow\Mozilla
2021-05-19 10:05 - 2021-05-26 11:19 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-19 10:05 - 2021-05-19 10:05 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Mozilla
2021-05-19 10:05 - 2021-05-19 10:05 - 000000000 ____D C:\Users\Eric\AppData\Local\Mozilla
2021-05-19 10:01 - 2021-05-31 10:43 - 000000000 ____D C:\Users\Eric\AppData\Roaming\vlc
2021-05-19 09:58 - 2021-06-03 10:53 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-19 09:58 - 2021-05-22 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2021-05-19 09:58 - 2021-05-22 19:31 - 000000000 ____D C:\Program Files (x86)\GlassWire
2021-05-19 09:58 - 2021-05-19 09:58 - 000001974 _____ C:\Users\Public\Desktop\GlassWire.lnk
2021-05-19 09:58 - 2021-05-19 09:58 - 000001974 _____ C:\ProgramData\Desktop\GlassWire.lnk
2021-05-19 09:58 - 2021-05-19 09:58 - 000000000 ____D C:\Users\Eric\AppData\Roaming\WinRAR
2021-05-19 09:58 - 2021-05-19 09:58 - 000000000 ____D C:\Users\Eric\AppData\Local\glasswire
2021-05-19 09:58 - 2021-05-19 09:58 - 000000000 ____D C:\ProgramData\GlassWire
2021-05-19 09:58 - 2015-05-29 03:30 - 000008392 _____ C:\Windows\system32\Drivers\gwdrv.cat
2021-05-19 09:58 - 2015-05-29 03:15 - 000033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2021-05-19 09:57 - 2021-05-19 09:57 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-05-19 09:57 - 2021-05-19 09:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-05-19 09:57 - 2021-05-19 09:57 - 000000000 ____D C:\Program Files\WinRAR
2021-05-19 09:54 - 2021-04-06 14:37 - 001403760 _____ (O&O Software GmbH) C:\Users\Eric\Desktop\OOSU10.exe
2021-05-19 09:53 - 2021-05-25 11:35 - 000000000 ____D C:\Users\Eric\AppData\Roaming\discord
2021-05-19 09:53 - 2021-05-25 11:35 - 000000000 ____D C:\Users\Eric\AppData\Local\Discord
2021-05-19 09:53 - 2021-05-25 09:53 - 000000000 ____D C:\Users\Eric\AppData\Local\SquirrelTemp
2021-05-19 09:53 - 2021-05-22 19:30 - 000000000 ____D C:\Windows\system32\lxss
2021-05-19 09:53 - 2021-05-19 09:53 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-05-19 09:51 - 2021-04-23 21:08 - 000038640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2021-05-19 09:50 - 2021-04-27 17:16 - 001855192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-05-19 09:50 - 2021-04-27 17:16 - 001855192 _____ C:\Windows\system32\vulkaninfo.exe
2021-05-19 09:50 - 2021-04-27 17:16 - 001453344 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-05-19 09:50 - 2021-04-27 17:16 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-05-19 09:50 - 2021-04-27 17:16 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-05-19 09:50 - 2021-04-27 17:16 - 001192736 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-05-19 09:50 - 2021-04-27 17:16 - 001094880 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-05-19 09:50 - 2021-04-27 17:16 - 001094880 _____ C:\Windows\system32\vulkan-1.dll
2021-05-19 09:50 - 2021-04-27 17:16 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-05-19 09:50 - 2021-04-27 17:16 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-05-19 09:50 - 2021-04-27 17:13 - 000715544 _____ C:\Windows\system32\nvofapi64.dll
2021-05-19 09:50 - 2021-04-27 17:13 - 000626976 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-05-19 09:50 - 2021-04-27 17:13 - 000575760 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-05-19 09:50 - 2021-04-27 17:12 - 002106144 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-05-19 09:50 - 2021-04-27 17:12 - 001590560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-05-19 09:50 - 2021-04-27 17:12 - 001514784 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-05-19 09:50 - 2021-04-27 17:12 - 001166112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-05-19 09:50 - 2021-04-27 17:12 - 000811808 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-05-19 09:50 - 2021-04-27 17:12 - 000689952 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-05-19 09:50 - 2021-04-27 17:12 - 000675104 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-05-19 09:50 - 2021-04-27 17:12 - 000656160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-05-19 09:50 - 2021-04-27 17:12 - 000564000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-05-19 09:50 - 2021-04-27 17:11 - 008317232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-05-19 09:50 - 2021-04-27 17:11 - 007434032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-05-19 09:50 - 2021-04-27 17:11 - 004795152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-05-19 09:50 - 2021-04-27 17:11 - 002823472 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-05-19 09:50 - 2021-04-27 17:11 - 000445744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-05-19 09:50 - 2021-04-27 17:10 - 000848664 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-05-19 09:50 - 2021-04-27 17:09 - 006159176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-05-19 09:50 - 2021-04-23 21:08 - 000087164 _____ C:\Windows\system32\nvinfo.pb
2021-05-19 09:46 - 2021-05-19 10:05 - 000000000 ____D C:\Users\Eric\AppData\Local\PlaceholderTileLogoFolder
2021-05-19 00:59 - 2021-05-25 09:53 - 000000000 ____D C:\Windows\Panther
2021-05-19 00:15 - 2021-05-19 00:15 - 000000000 ____D C:\Users\Eric\AppData\Local\PeerDistRepub
2021-05-19 00:15 - 2021-05-19 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2021-05-19 00:15 - 2021-05-19 00:15 - 000000000 ____D C:\Program Files (x86)\PdaNet for Android
2021-05-19 00:15 - 2017-08-12 19:45 - 000045160 _____ (June Fabrics Technology Inc.) C:\Windows\system32\Drivers\pneteth.sys
2021-05-19 00:14 - 2021-05-19 00:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-05-19 00:08 - 2021-05-19 00:08 - 000000000 ____D C:\Users\Eric\AppData\Local\Comms
2021-05-19 00:07 - 2021-05-19 00:07 - 000000000 ___RD C:\Users\Eric\OneDrive
2021-05-19 00:07 - 2021-05-19 00:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-05-19 00:06 - 2021-06-04 16:19 - 000840878 _____ C:\Windows\system32\PerfStringBackup.INI
2021-05-19 00:05 - 2021-06-04 16:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-05-19 00:05 - 2021-06-04 16:12 - 000000000 ____D C:\Users\Eric
2021-05-19 00:05 - 2021-05-23 03:25 - 000000000 ____D C:\ProgramData\Packages
2021-05-19 00:05 - 2021-05-23 03:17 - 000000000 ____D C:\Users\Eric\AppData\Local\Packages
2021-05-19 00:05 - 2021-05-19 11:13 - 000000000 ____D C:\Users\Eric\AppData\Local\ConnectedDevicesPlatform
2021-05-19 00:05 - 2021-05-19 00:05 - 000000020 ___SH C:\Users\Eric\ntuser.ini
2021-05-19 00:05 - 2021-05-19 00:05 - 000000000 ___RD C:\Users\Eric\3D Objects
2021-05-19 00:05 - 2021-05-19 00:05 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Adobe
2021-05-19 00:05 - 2021-05-19 00:05 - 000000000 ____D C:\Users\Eric\AppData\Local\VirtualStore
2021-05-19 00:05 - 2021-05-19 00:05 - 000000000 ____D C:\Users\Eric\AppData\Local\Publishers
2021-05-19 00:03 - 2021-05-19 00:03 - 000000000 ____D C:\Windows\CSC
2021-05-19 00:01 - 2021-05-19 00:01 - 000000000 _SHDL C:\Documents and Settings
2021-05-19 00:00 - 2021-06-04 16:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-19 00:00 - 2021-06-04 10:56 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-05-19 00:00 - 2021-05-25 09:44 - 000003468 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-19 00:00 - 2021-05-25 09:44 - 000003244 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-19 00:00 - 2021-05-22 19:42 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-19 00:00 - 2021-05-19 11:15 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-05-19 00:00 - 2021-05-19 00:00 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-05-19 00:00 - 2021-05-19 00:00 - 000000000 ____D C:\Windows\ServiceProfiles
2021-05-18 23:59 - 2021-06-04 16:12 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-18 23:59 - 2021-05-19 11:05 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2021-05-18 22:22 - 2021-05-23 21:10 - 000000000 ____D C:\Users\Eric\medivia
2021-05-18 22:22 - 2021-05-18 22:22 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-05-18 22:22 - 2021-05-18 22:22 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-05-18 22:22 - 2021-05-18 22:22 - 001823816 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-05-18 22:22 - 2021-05-18 22:22 - 001687040 _____ C:\Windows\system32\libcrypto.dll
2021-05-18 22:22 - 2021-05-18 22:22 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-05-18 22:22 - 2021-05-18 22:22 - 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-05-18 22:22 - 2021-05-18 22:22 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-05-18 22:22 - 2021-05-18 22:22 - 000700928 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-05-18 22:22 - 2021-05-18 22:22 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-05-18 22:22 - 2021-05-18 22:22 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-05-18 22:22 - 2021-05-18 22:22 - 000153600 _____ C:\Windows\system32\uwfcfgmgmt.dll
2021-05-18 22:22 - 2021-05-18 22:22 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-05-18 22:22 - 2021-05-18 22:22 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-05-18 22:22 - 2021-05-18 22:22 - 000011351 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-05-18 22:16 - 2021-05-18 22:17 - 000000000 ____D C:\Windows\system32\MRT
2021-05-18 21:31 - 2021-06-01 17:02 - 000000446 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2021-05-18 21:30 - 2019-10-30 02:20 - 005623256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPOU64.dll
2021-05-18 21:30 - 2019-10-30 02:20 - 001126344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtCOM64.dll
2021-05-18 21:30 - 2019-10-30 02:20 - 000481888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2021-05-18 21:30 - 2019-10-29 23:20 - 000856288 _____ (Realtek Semiconductor) C:\Windows\system32\RtkAudUService64.exe
2021-05-18 21:30 - 2019-10-29 23:20 - 000821336 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64U.dll
2021-05-18 21:30 - 2019-10-29 23:20 - 000215032 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2021-05-18 21:27 - 2021-05-22 19:31 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2021-05-18 21:27 - 2021-05-22 19:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-05-18 21:27 - 2021-05-22 19:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-05-18 21:26 - 2021-04-27 17:09 - 007212232 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-05-18 21:26 - 2021-04-23 21:08 - 000135408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2021-05-18 21:26 - 2020-10-07 13:34 - 000816368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2021-05-18 21:26 - 2020-10-07 13:32 - 005519600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-05-18 21:19 - 2021-05-18 21:19 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-04 17:47 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2021-06-04 16:29 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-06-04 16:29 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-04 16:19 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2021-06-04 16:13 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-06-04 16:12 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-05-31 19:15 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-05-30 16:36 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2021-05-25 09:54 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\MsDtc
2021-05-25 00:34 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-25 00:34 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\registration
2021-05-24 20:55 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-05-24 20:35 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2021-05-24 17:34 - 2019-12-07 05:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-05-22 19:31 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-05-22 19:31 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2021-05-22 19:31 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat
2021-05-19 14:44 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-05-19 11:15 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-05-19 11:04 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-19 11:04 - 2019-12-07 05:51 - 000000000 ____D C:\Windows\system32\OpenSSH
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\DiagTrack
2021-05-19 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2021-05-19 10:00 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-05-19 00:59 - 2019-12-07 05:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2021-05-19 00:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-05-19 00:03 - 2019-12-07 05:51 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-05-19 00:03 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\spool
2021-05-19 00:00 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-05-18 22:24 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-05-18 22:24 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing
2021-05-18 21:22 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

ADDITION LOG

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-06-2021
Ran by Eric (04-06-2021 18:01:30)
Running from C:\Users\Eric\Desktop
Windows 10 Pro Version 21H1 19043.985 (X64) (2021-05-19 04:02:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1827097913-1817216829-3116216233-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1827097913-1817216829-3116216233-503 - Limited - Disabled)
Eric (S-1-5-21-1827097913-1817216829-3116216233-1001 - Administrator - Enabled) => C:\Users\Eric
eric2 (S-1-5-21-1827097913-1817216829-3116216233-1002 - Limited - Enabled) => C:\Users\eric2
Guest (S-1-5-21-1827097913-1817216829-3116216233-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1827097913-1817216829-3116216233-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Authy Desktop (HKU\S-1-5-21-1827097913-1817216829-3116216233-1001\...\authy) (Version: 1.8.3 - Twilio Inc.)
Documentation Manager (HKLM\...\{0203C24C-452D-4344-871F-DE3C7B49C328}) (Version: 22.40.0.7 - Intel Corporation) Hidden
GlassWire 2.2 (remove only) (HKLM-x32\...\GlassWire 2.2) (Version: 2.2.304 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Intel® Software Installer (HKLM-x32\...\{3933e30f-0de2-4fee-8a5e-28c71ea7f121}) (Version: 22.40.0.7 - Intel Corporation) Hidden
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.66 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1827097913-1817216829-3116216233-1002\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation)
NVIDIA Graphics Driver 466.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.27 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
PdaNet+ for Android 5.23 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology)
RuneLite (HKU\S-1-5-21-1827097913-1817216829-3116216233-1001\...\RuneLite Launcher_is1) (Version: 2.1.7 - RuneLite)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tibia (HKU\S-1-5-21-1827097913-1817216829-3116216233-1001\...\Tibia) (Version:  - CipSoft GmbH)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-06-04] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-06-04] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2021-06-04] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1827097913-1817216829-3116216233-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827097913-1817216829-3116216233-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Eric\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827097913-1817216829-3116216233-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\nvshext.dll [2021-04-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1827097913-1817216829-3116216233-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-1827097913-1817216829-3116216233-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-1827097913-1817216829-3116216233-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-05-18 21:31 - 2021-06-01 17:02 - 000000446 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1827097913-1817216829-3116216233-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Eric\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\233.jpg
HKU\S-1-5-21-1827097913-1817216829-3116216233-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1827097913-1817216829-3116216233-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D28B453C-6D37-4BFB-933D-17C497F35288}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{37DF3689-DC34-4B55-8417-F191F64DEBF0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{B319CE91-9DDB-4956-A23D-A538A80412F1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A0AA1841-968E-4282-AF28-543BBF9DAF9C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E9631C47-CDD6-45A6-967D-3D8671E977F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{71139CDB-41F5-48D6-B02B-0D0FD0141EF4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A7871E16-55FD-46C3-BF47-9EB591B19144}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1E81C81A-963C-4003-B621-2376A8357E59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{40346FE1-6CA6-4522-8C2C-15B22DEAECE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{5A35CB24-16C6-47A2-A57F-9DC719D1F3A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\rerelease\DOOM.exe () [File not signed]
FirewallRules: [{BDF83B49-1D92-4B29-BF18-153376968AA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\rerelease\DOOM.exe () [File not signed]
FirewallRules: [{35186690-1A9E-40AF-AEBB-BD860464B4B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{395C4CE4-2956-48AC-AFB3-20FF71F258AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{4A3777C0-2803-40B8-BEDB-A89824304701}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{8EA9F059-63B7-4BE3-A2CE-740F4CA0E34C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{3D654AF5-AC36-44EE-8EAE-5C1491210358}] => (Allow) D:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{AD1D15FD-3310-49D1-827C-77E0B2BEC971}] => (Allow) D:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{274C20B0-7CA9-40AB-B6DA-F8BE7EA52022}] => (Allow) D:\SteamLibrary\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{E1D586CA-CF61-4DB8-AD7E-0E5DAC4CCD8E}] => (Allow) D:\SteamLibrary\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{3516D071-3EDD-467A-9AF5-BCA5B6AF4124}] => (Allow) D:\SteamLibrary\steamapps\common\LowMagicAge\low_magic_age.exe () [File not signed]
FirewallRules: [{7519572D-E28B-42B3-BF63-B9213A7A46F0}] => (Allow) D:\SteamLibrary\steamapps\common\LowMagicAge\low_magic_age.exe () [File not signed]
FirewallRules: [{AE34247A-C4F4-42BA-85A5-828ECE8DF1FB}] => (Allow) D:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe () [File not signed]
FirewallRules: [{8C5AB436-5E3C-4BE6-9328-3A98172D34C1}] => (Allow) D:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe () [File not signed]
FirewallRules: [{DD19115A-D02F-430F-BF72-2EC244A5FC07}] => (Allow) D:\SteamLibrary\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{3AFD0E85-E751-4313-8347-8741E61C72B2}] => (Allow) D:\SteamLibrary\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{3BF17697-6BBC-41C2-ADCF-86A994BEBD71}] => (Allow) D:\SteamLibrary\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{D9466AC5-A382-4A9A-8C73-58FCAB2BBA80}] => (Allow) D:\SteamLibrary\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{431349BC-3328-4BEC-A904-058E97255D24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe (Bethesda Softworks -> id Software LLC, a ZeniMax Media company) [File not signed]
FirewallRules: [{84B4B5E1-262B-453C-B377-448942BFAEA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe (Bethesda Softworks -> id Software LLC, a ZeniMax Media company) [File not signed]
FirewallRules: [{BE3DCF59-E3D6-429F-8608-78DD68D9A806}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 64\DOOM64_x64.exe () [File not signed]
FirewallRules: [{31AD5BA3-86BF-4DC9-B640-CD8FB2E0589E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 64\DOOM64_x64.exe () [File not signed]

==================== Restore Points =========================

22-05-2021 21:05:39 Scheduled Checkpoint
25-05-2021 09:32:45 backup adamx 5/25/21
25-05-2021 09:34:26 Removed Speedtest by Ookla
25-05-2021 10:09:17 Installed Intel(R) Network Connections.
25-05-2021 10:45:01 Removed Speedtest by Ookla
25-05-2021 11:36:25 Windows Modules Installer
30-05-2021 16:26:31 Installed DirectX
30-05-2021 16:26:53 Windows Modules Installer
03-06-2021 10:52:44 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
04-06-2021 14:32:57 Installed DirectX
04-06-2021 17:21:42 O&O ShutUp10

==================== Faulty Device Manager Devices ============

Name: PdaNet Broadband Adapter
Description: PdaNet Broadband Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: June Fabrics Technology Inc.
Service: pneteth
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/30/2021 04:21:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dosbox.exe, version: 0.74.3.0, time stamp: 0x5d136ad9
Faulting module name: ntdll.dll, version: 10.0.19041.964, time stamp: 0xb7db0838
Exception code: 0xc0000005
Fault offset: 0x00043bdc
Faulting process id: 0xc40
Faulting application start time: 0x01d75588e5ab1adc
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 468bd48e-c917-41b7-88e7-5f347bbb9aaf
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/30/2021 02:13:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dosbox.exe, version: 0.72.0.0, time stamp: 0x46d1bcb8
Faulting module name: ntdll.dll, version: 10.0.19041.964, time stamp: 0xb7db0838
Exception code: 0xc0000005
Fault offset: 0x00043bdc
Faulting process id: 0x2520
Faulting application start time: 0x01d75577315eb9de
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: d01b9855-3800-4a97-8892-612ceaa3a40f
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/30/2021 01:13:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dosbox.exe, version: 0.72.0.0, time stamp: 0x46d1bcb8
Faulting module name: ntdll.dll, version: 10.0.19041.964, time stamp: 0xb7db0838
Exception code: 0xc0000005
Fault offset: 0x00043bdc
Faulting process id: 0x166c
Faulting application start time: 0x01d75576d504885d
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: e4813e84-29b6-4fae-93b0-80d37118ea5b
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/29/2021 02:05:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.789, time stamp: 0x4aa1ce82
Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39
Exception code: 0x40000015
Fault offset: 0x000000000000ae22
Faulting process id: 0x1ea0
Faulting application start time: 0x01d7544759440380
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\msvcrt.dll
Report Id: 220e4690-e3b1-4320-ad36-c4e073564136
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (05/26/2021 09:16:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.789, time stamp: 0x4aa1ce82
Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39
Exception code: 0x40000015
Fault offset: 0x000000000000ae22
Faulting process id: 0x25c4
Faulting application start time: 0x01d752306b62096b
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\msvcrt.dll
Report Id: 9deefd5c-6e57-4eed-8827-c16a2c92ba64
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (05/25/2021 02:13:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.789, time stamp: 0x4aa1ce82
Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39
Exception code: 0x40000015
Fault offset: 0x000000000000ae22
Faulting process id: 0x1110
Faulting application start time: 0x01d751918d049073
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\msvcrt.dll
Report Id: 3011ee55-98d2-476d-bcd0-95aee90e9c8c
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (05/25/2021 10:12:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.997, time stamp: 0x609eac42
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x123c
Faulting application start time: 0x01d7516c5a71f27f
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: fac0cead-470e-4217-9244-b75c4383c67b
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/25/2021 10:09:40 AM) (Source: MsiInstaller) (EventID: 1013) (User: DESKTOP-G3UFN9C)
Description: Product: Intel(R) Network Connections -- Intel Ethernet network drivers were not detected. Please download and install the Intel Ethernet driver package and try again.


System errors:
=============
Error: (06/04/2021 10:56:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (06/04/2021 10:56:35 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:50:48 AM on 6/4/2021 was unexpected.

Error: (06/03/2021 06:50:34 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {f044407f-ef6a-48e5-8a2d-4b67e524a6a7}, had event 76

Error: (06/02/2021 03:29:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (06/01/2021 06:41:24 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Microsoft Network Adapter Multiplexor Driver, {00293c80-f272-431d-bd8d-582cce243fde}, had event 76

Error: (06/01/2021 04:42:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (06/01/2021 12:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (05/31/2021 09:31:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading


Windows Defender:
================
Date: 2021-05-22 20:00:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-24 20:47:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2021-05-24 20:47:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2021-05-24 20:47:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2021-05-24 20:47:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2021-05-24 20:47:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===============
Date: 2021-05-25 10:12:03
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Eric\Downloads\WiFi_22.40.0_Driver64_Win10.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-05-23 18:56:21
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Users\Eric\Desktop\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. F1 08/17/2020
Motherboard: Gigabyte Technology Co., Ltd. B450M DS3H V2
Processor: AMD Ryzen 5 3600 6-Core Processor 
Percentage of memory in use: 34%
Total physical RAM: 16332.47 MB
Available physical RAM: 10633.16 MB
Total Virtual: 18764.47 MB
Available Virtual: 10759.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.96 GB) (Free:146.29 GB) NTFS
Drive d: (STORAGE) (Fixed) (Total:931.5 GB) (Free:734.77 GB) NTFS
Drive f: (PULP_FICTION) (CDROM) (Total:7.66 GB) (Free:0 GB) UDF

\\?\Volume{34b135c2-ffe7-4b81-9fc9-669f86241efa}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f2cacc7f-c530-400e-a473-d014e843f830}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 5E9135F9)

Partition: GPT.

==================== End of Addition.txt =======================


  • Root Admin

It's not just Sync that is the issue. It's cache, cookies, search engines, home page settings, extensions, out of date browser, etc. that need checking, cleaning.

As I said, we can do some other scan but nowadays no antivirus programs are allowed to modify certain areas of the browser, by a change from Google. One has to do it manually.

 

You can run the following 3rd party antivirus scanner and see if it finds anything else

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, click on Full scan
  • Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
  • Click the blue "Save scan log" to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at the bottom).
  • Press Continue when all done. You should click off the offer for "periodic scanning".

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
