emoon326 Posted June 27, 2021 ID:1465685

Hi, was just doing my thing on the computer and all of a sudden mbam detects this as malware. I used it before, scanned it when it got on my PC, didn't detect anything. This program has been on my PC at least a few weeks.

The program is cports.exe by nirsoft. For looking at ports on PC.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/27/21
Scan Time: 2:08 AM
Log File: 29777a94-d70e-11eb-a467-18c04d7301d3.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1308
Update Package Version: 1.0.42313
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1052)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 329056
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 7 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.4121930605, C:\USERS\ERIC2\DOWNLOADS\CPORTS.EXE, Quarantined, 1000000, 0, 1.0.42313, 3D84B6BAD289499FF5AFAB6D, dds, 01307831, 285EF3ADE293DF0C78752AE73D2A9EDE, F1BD97C1A4B20A4097688F2485B523DEF4848E3E1F58621C94D88FC74521C003

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)
emoon326 Posted June 27, 2021 Author ID:1465687

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2021
Ran by Eric (administrator) on DESKTOP-G3UFN9C (Gigabyte Technology Co., Ltd. B450M DS3H V2) (27-06-2021 02:37:50)
Running from C:\Users\eric2\Downloads
Loaded Profiles: Eric & eric2
Platform: Windows 10 Pro Version 21H1 19043.1052 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
emoon326 Posted June 27, 2021 Author ID:1465688

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2021
Ran by Eric (27-06-2021 02:39:01)
Running from C:\Users\eric2\Downloads
Windows 10 Pro Version 21H1 19043.1052 (X64) (2021-05-19 04:02:00)
Boot Mode: Normal

==================== Custom CLSID (Whitelisted): ============== (If an entry is
included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1827097913-1817216829-3116216233-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1827097913-1817216829-3116216233-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Eric\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1827097913-1817216829-3116216233-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1827097913-1817216829-3116216233-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\eric2\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1827097913-1817216829-3116216233-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\eric2\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1827097913-1817216829-3116216233-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\eric2\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> 
{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-21] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\nvshext.dll [2021-04-27] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-21] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program 
Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Eric\Desktop\tibia.bat - Shortcut.lnk -> C:\Users\Eric\Desktop\tibia.bat (No File) ==================== Loaded Modules (Whitelisted) ============= 2021-06-17 12:02 - 2017-06-16 21:36 - 000062464 _____ () [File not signed] C:\Program Files (x86)\REDRAGON M711 Gaming Mouse\HidDevice.dll 2021-06-17 12:02 - 2017-06-16 21:36 - 000143360 _____ (Holtek) [File not signed] C:\Program Files (x86)\REDRAGON M711 Gaming Mouse\HIDApi.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts 2021-05-18 21:31 - 2021-06-01 17:02 - 000000446 _____ C:\Windows\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1827097913-1817216829-3116216233-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg HKU\S-1-5-21-1827097913-1817216829-3116216233-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-1827097913-1817216829-3116216233-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-1827097913-1817216829-3116216233-1002\...\StartupApproved\Run: => "WTFast Tray" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{D28B453C-6D37-4BFB-933D-17C497F35288}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC) FirewallRules: [{37DF3689-DC34-4B55-8417-F191F64DEBF0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC) FirewallRules: [{A0AA1841-968E-4282-AF28-543BBF9DAF9C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{E9631C47-CDD6-45A6-967D-3D8671E977F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{71139CDB-41F5-48D6-B02B-0D0FD0141EF4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{A7871E16-55FD-46C3-BF47-9EB591B19144}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{5A35CB24-16C6-47A2-A57F-9DC719D1F3A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate 
Doom\rerelease\DOOM.exe () [File not signed] FirewallRules: [{BDF83B49-1D92-4B29-BF18-153376968AA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\rerelease\DOOM.exe () [File not signed] FirewallRules: [{35186690-1A9E-40AF-AEBB-BD860464B4B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe (DOSBox Team) [File not signed] FirewallRules: [{395C4CE4-2956-48AC-AFB3-20FF71F258AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe (DOSBox Team) [File not signed] FirewallRules: [{4A3777C0-2803-40B8-BEDB-A89824304701}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe (DOSBox Team) [File not signed] FirewallRules: [{8EA9F059-63B7-4BE3-A2CE-740F4CA0E34C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe (DOSBox Team) [File not signed] FirewallRules: [{3D654AF5-AC36-44EE-8EAE-5C1491210358}] => (Allow) D:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed] FirewallRules: [{AD1D15FD-3310-49D1-827C-77E0B2BEC971}] => (Allow) D:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed] FirewallRules: [{274C20B0-7CA9-40AB-B6DA-F8BE7EA52022}] => (Allow) D:\SteamLibrary\steamapps\common\Valheim\valheim.exe () [File not signed] FirewallRules: [{E1D586CA-CF61-4DB8-AD7E-0E5DAC4CCD8E}] => (Allow) D:\SteamLibrary\steamapps\common\Valheim\valheim.exe () [File not signed] FirewallRules: [{3516D071-3EDD-467A-9AF5-BCA5B6AF4124}] => (Allow) D:\SteamLibrary\steamapps\common\LowMagicAge\low_magic_age.exe () [File not signed] FirewallRules: [{7519572D-E28B-42B3-BF63-B9213A7A46F0}] => (Allow) D:\SteamLibrary\steamapps\common\LowMagicAge\low_magic_age.exe () [File not signed] FirewallRules: [{AE34247A-C4F4-42BA-85A5-828ECE8DF1FB}] => (Allow) D:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe () [File not signed] 
FirewallRules: [{8C5AB436-5E3C-4BE6-9328-3A98172D34C1}] => (Allow) D:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe () [File not signed] FirewallRules: [{DD19115A-D02F-430F-BF72-2EC244A5FC07}] => (Allow) D:\SteamLibrary\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed] FirewallRules: [{3AFD0E85-E751-4313-8347-8741E61C72B2}] => (Allow) D:\SteamLibrary\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed] FirewallRules: [{3BF17697-6BBC-41C2-ADCF-86A994BEBD71}] => (Allow) D:\SteamLibrary\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{D9466AC5-A382-4A9A-8C73-58FCAB2BBA80}] => (Allow) D:\SteamLibrary\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{431349BC-3328-4BEC-A904-058E97255D24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe (Bethesda Softworks -> id Software LLC, a ZeniMax Media company) [File not signed] FirewallRules: [{84B4B5E1-262B-453C-B377-448942BFAEA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe (Bethesda Softworks -> id Software LLC, a ZeniMax Media company) [File not signed] FirewallRules: [{BE3DCF59-E3D6-429F-8608-78DD68D9A806}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 64\DOOM64_x64.exe () [File not signed] FirewallRules: [{31AD5BA3-86BF-4DC9-B640-CD8FB2E0589E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 64\DOOM64_x64.exe () [File not signed] FirewallRules: [{183A5C47-A908-4548-BB26-8B0DA67F5A3C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{1B798646-8311-40F8-A723-94B156527EC6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{A9853729-506E-47E0-89F0-A487AA65A74D}] => (Allow) 
C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3C317F4B-5668-4E06-9A0F-0BC095FD4050}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{51ACB82A-8CED-4E89-8011-30353868E130}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B091BE1B-8E58-4B61-880F-4310A3AD4F62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{21FA30A2-F0BC-4AB4-A36C-8108FF14C3A7}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed] FirewallRules: [{EFF926B6-9985-466A-95D3-8D4807BD8170}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed] FirewallRules: [{B0039B41-BFC1-41A0-BF53-95649E4A269D}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve) FirewallRules: [{A5A93C77-0FE2-4A5F-B125-358D1187C182}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve) FirewallRules: [{74CF0357-F84A-4374-AF26-99CE8133C9BD}] => (Allow) D:\SteamLibrary\steamapps\common\Doom 2\rerelease\DOOM II.exe () [File not signed] FirewallRules: [{2F9542C4-F981-4770-B661-4870F01C3AFD}] => (Allow) D:\SteamLibrary\steamapps\common\Doom 2\rerelease\DOOM II.exe () [File not signed] FirewallRules: [{D5A0B6DF-EA56-4AD2-A3B8-BF20F85DEBB4}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed] FirewallRules: [{656B191E-53E5-4C03-A4D4-A99B963DE689}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed] FirewallRules: 
[{0A4B9A97-198D-4576-9950-E9C2284CE719}] => (Allow) D:\SteamLibrary\steamapps\common\Doom 3\Doom3.exe (id Software) [File not signed] FirewallRules: [{5BD8C1E1-7203-4B66-941E-5C57AB91A425}] => (Allow) D:\SteamLibrary\steamapps\common\Doom 3\Doom3.exe (id Software) [File not signed] FirewallRules: [{CFC1446D-66A7-41EA-8961-469521431EE1}] => (Allow) D:\SteamLibrary\steamapps\common\Morrowind\Morrowind Launcher.exe (Bethesda Softworks) [File not signed] FirewallRules: [{3BB99D2F-CEB3-4850-BC95-11E2A844EF33}] => (Allow) D:\SteamLibrary\steamapps\common\Morrowind\Morrowind Launcher.exe (Bethesda Softworks) [File not signed] FirewallRules: [{79631FB0-8A52-48EA-9D44-F91A288D73E0}] => (Allow) D:\SteamLibrary\steamapps\common\SteamWorld Dig\SteamWorldDig.exe () [File not signed] FirewallRules: [{0E7D5B36-7485-4CD4-8218-C74A28C53170}] => (Allow) D:\SteamLibrary\steamapps\common\SteamWorld Dig\SteamWorldDig.exe () [File not signed] FirewallRules: [{59BEDAEB-5BD5-4718-9521-6DD22A91D4D2}] => (Allow) D:\SteamLibrary\steamapps\common\Final Fantasy 6\FF6.exe () [File not signed] FirewallRules: [{8BA20B76-1D90-410B-8E09-E1A3010CF7E3}] => (Allow) D:\SteamLibrary\steamapps\common\Final Fantasy 6\FF6.exe () [File not signed] FirewallRules: [{4E951C9D-590D-43A0-AB51-8CFD625388E0}] => (Allow) D:\SteamLibrary\steamapps\common\Final Fantasy 6\FF6_Launcher.exe () [File not signed] FirewallRules: [{582E2291-6D5B-4C23-B0CD-45CED4786120}] => (Allow) D:\SteamLibrary\steamapps\common\Final Fantasy 6\FF6_Launcher.exe () [File not signed] FirewallRules: [{A75E294A-A913-4D8B-9C4D-5CA789E33C45}] => (Allow) D:\SteamLibrary\steamapps\common\Chrono Trigger\Chrono Trigger.exe (SQUARE ENIX CO., LTD. -> Square Enix) FirewallRules: [{F85BAC27-8DC8-4465-80BA-998C05478D34}] => (Allow) D:\SteamLibrary\steamapps\common\Chrono Trigger\Chrono Trigger.exe (SQUARE ENIX CO., LTD. 
-> Square Enix) FirewallRules: [{354B7A3A-16D6-41B4-AF12-0E18AD87D927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe FirewallRules: [{3019F2E5-A6FB-4D38-866F-81DBE46C63D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe ==================== Restore Points ========================= 03-06-2021 10:52:44 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 04-06-2021 14:32:57 Installed DirectX 04-06-2021 17:21:42 O&O ShutUp10 11-06-2021 12:47:36 Installed DirectX 16-06-2021 09:41:39 Installed Microsoft Visual C++ 2005 Redistributable 16-06-2021 09:41:57 Installed Microsoft Visual C++ 2005 Redistributable (x64) 18-06-2021 09:21:38 Removed Microsoft Update Health Tools 19-06-2021 16:18:18 Installed Realtek Ethernet Controller Driver 20-06-2021 16:27:54 Windows Modules Installer 20-06-2021 16:29:28 Windows Modules Installer ==================== Faulty Device Manager Devices ============ Name: Intel(R) Wi-Fi 6 AX200 160MHz Description: Intel(R) Wi-Fi 6 AX200 160MHz Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: Netwtw10 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ======================== Application errors: ================== Error: (06/20/2021 02:35:15 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: ) Description: Event-ID 12007 Error: (06/20/2021 02:35:15 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/19/2021 04:27:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.789, time stamp: 0x4aa1ce82 Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39 Exception code: 0x40000015 Fault offset: 0x000000000000ae22 Faulting process id: 0x538 Faulting application start time: 0x01d76548bb645f71 Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Faulting module path: C:\Windows\System32\msvcrt.dll Report Id: fbc1498d-89e1-4762-901a-cbde65565a0c Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel Error: (06/19/2021 04:19:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.789, time stamp: 0x4aa1ce82 Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39 Exception code: 0x40000015 Fault offset: 0x000000000000ae22 Faulting process id: 0x23f0 Faulting application start time: 0x01d76543fe26f97a Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Faulting module path: C:\Windows\System32\msvcrt.dll Report Id: d72a4e2b-ac8e-4819-ae4e-270af11f9616 Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel Error: (06/19/2021 03:46:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
Faulting application name: SystemSettings.exe, version: 10.0.19041.789, time stamp: 0x4aa1ce82 Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39 Exception code: 0x40000015 Fault offset: 0x000000000000ae22 Faulting process id: 0x1b10 Faulting application start time: 0x01d76541107c92e6 Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Faulting module path: C:\Windows\System32\msvcrt.dll Report Id: e2859227-d9e3-4133-bbab-3c8d52eb9bb9 Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel Error: (06/18/2021 09:21:57 AM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-G3UFN9C) Description: Product: Microsoft Update Health Tools -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , , Error: (06/18/2021 09:21:57 AM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-G3UFN9C) Description: Product: Microsoft Update Health Tools -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , , Error: (06/18/2021 07:25:29 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-G3UFN9C) Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126). System errors: ============= Error: (06/26/2021 05:03:44 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:27:11 PM on 6/25/2021 was unexpected. Error: (06/24/2021 08:38:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:09:39 PM on 6/24/2021 was unexpected. 
Error: (06/24/2021 11:22:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Mozilla Maintenance Service service terminated with the following error: Incorrect function. Error: (06/24/2021 03:31:55 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (06/24/2021 02:45:42 AM) (Source: Tcpip) (EventID: 4199) (User: ) Description: The system detected an address conflict for IP address 2607:fb90:6c33:4e9a:bc74:6a0a:ac48:d161 with the system having network hardware address B6-28-23-4E-1C-1E. Network operations on this system may be disrupted as a result. Error: (06/23/2021 08:50:21 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:25:59 PM on 6/22/2021 was unexpected. Error: (06/21/2021 05:35:13 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:15:50 AM on 6/21/2021 was unexpected. Error: (06/21/2021 02:57:55 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 1:29:33 AM on 6/21/2021 was unexpected. Windows Defender: ================ Date: 2021-05-22 20:00:46 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-24 20:47:02 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.339.1227.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-05-24 20:47:02 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1227.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-05-24 20:47:02 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1227.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-05-24 20:47:02 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1227.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-05-24 20:47:02 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.339.1227.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved CodeIntegrity: =============== Date: 2021-05-25 10:12:03 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Eric\Downloads\WiFi_22.40.0_Driver64_Win10.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-05-23 18:56:21 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Users\Eric\Desktop\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. F1 08/17/2020 Motherboard: Gigabyte Technology Co., Ltd. 
B450M DS3H V2 Processor: AMD Ryzen 5 3600 6-Core Processor Percentage of memory in use: 25% Total physical RAM: 16332.47 MB Available physical RAM: 12195.65 MB Total Virtual: 18764.47 MB Available Virtual: 12368.5 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:222.96 GB) (Free:141.95 GB) NTFS Drive d: (STORAGE) (Fixed) (Total:931.5 GB) (Free:723.24 GB) NTFS \\?\Volume{34b135c2-ffe7-4b81-9fc9-669f86241efa}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS \\?\Volume{f2cacc7f-c530-400e-a473-d014e843f830}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 5E9135F9) Partition: GPT. ==================== End of Addition.txt =======================
kevinf80 Posted June 27, 2021 ID:1465708
Hello emoon326 and welcome to Malwarebytes, I've just uploaded cports.exe to the false positive (FP) forum to be checked, Malwarebytes has just flagged it on my system. Leave it in quarantine for now, if the file is proved to be clean you can restore from Quarantine... You can check for progress at the following link: https://forums.malwarebytes.com/topic/275912-possible-fp-cports-x64/ Thank you, Kevin...
Solution kevinf80 Posted June 27, 2021 ID:1465858
Hello emoon326, You can restore cports.exe from Quarantine, it will no longer be flagged as malicious by Malwarebytes... Thank you, Kevin..
emoon326 Posted June 28, 2021 Author ID:1466152
Thanks for checking! I was skeptical myself just making sure :)
kevinf80 Posted June 28, 2021 ID:1466153
Hiya emoon326, Thanks for the update, do you have any remaining issues or concerns or are we ok to close out... Regards, Kevin.
kevinf80 Posted June 29, 2021 ID:1466224
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you