"An error has occurred and Malwarebytes will not install on your computer"


Go to solution Solved by kevinf80,

Dear MalwareBytes staff,

Recently, I discovered that my PC has been infected with a malware virus. After some googling, I found an article which instructed me to download Malwarebytes and run some diagnostics/full scan. I downloaded the installer, completed the setup steps, and was prompted to restart my computer, but my computer restarted twice. After the restart had completed and I had logged into my computer, a popup box came on my screen which displayed the text:

"an error has occurred and malwarebytes will not install on your computer"

I also downloaded your support tool and ran it to collect some log files to assist in solving this issue of mine.

The logs should be attached to this post.

Thank you for your help

mbst-grab-results.zip

Hello Tamin and welcome to Malwarebytes,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language, right-click on FRST/FRST64 and rename it FRSTEnglish/FRST64English.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.

Thank you,

Kevin

Dear Kevin,

Thank you for your advice.

I have done the process based on your suggestion.

Here is the result of the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2021
Ran by RYZEN (administrator) on DESKTOP-D4CAM6T (22-08-2021 11:45:21)
Running from C:\Users\RYZEN\Downloads
Loaded Profiles: RYZEN
Platform: Windows 10 Pro Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <33>
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Real Protect\RealProtect.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21061.10121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Spotify AB -> Spotify Ltd) C:\Users\RYZEN\AppData\Roaming\Spotify\Spotify.exe <6>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) D:\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [881440 2019-06-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [8243736 2021-08-21] (McAfee, Inc. -> McAfee, LLC.)
HKU\S-1-5-21-2120709854-2817591141-2818763254-1001\...\Run: [Discord] => C:\Users\RYZEN\AppData\Local\Discord\Update.exe --processStart Discord.exe
HKU\S-1-5-21-2120709854-2817591141-2818763254-1001\...\Run: [Spotify] => C:\Users\RYZEN\AppData\Roaming\Spotify\Spotify.exe [24731784 2021-08-18] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2120709854-2817591141-2818763254-1001\...\Run: [Steam] => D:\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-2120709854-2817591141-2818763254-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2120709854-2817591141-2818763254-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2120709854-2817591141-2818763254-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2120709854-2817591141-2818763254-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-19] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06EDA997-5500-478E-97B3-87EC3AF638A4} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {087D8C67-2E58-4067-B804-7772872323BD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {1E11C032-6CC1-46FF-9BE1-DB26EF3408B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {33ED4126-4194-474D-A7AE-0FB33657CE16} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {42E0F116-18E2-4DDD-80F6-75DEF1F899B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4B16EDE8-C3C0-48BF-BBD8-10903D2D3F22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {56F41F01-F801-41C9-BA46-C0B42A7E6688} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AAF6E67-90CC-4F47-9780-DFDA103BAADD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76278D75-600E-4802-BE54-C72730E0199C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {7D9316EB-55F2-40F8-B01C-42FEA8536D33} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {89C39AC9-3FEE-4925-B157-090A6612138A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8C4E5816-F1FC-4DC6-A670-BA38F3BC93CD} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe <==== ATTENTION
Task: {913CBF43-7CA1-47E0-BE52-D1759AF0B88E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2020-02-15] (Google Inc -> Google Inc.)
Task: {9312C37A-6590-4F2C-9F8E-AFFB6209CE4B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9CC688F9-540D-4DAF-8C43-233B1184F3DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9ED4CABF-2795-4D80-BD84-188FA120B697} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2CD33D0-9F16-4BF3-9401-E4839F87A961} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A313E287-E6DD-43D5-8680-7CB51283AAEF} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
Task: {A83B0E12-BD9D-40FB-A386-7A27A5448218} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {B5411FE9-42DC-40FE-9476-2F472C4C3C30} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BA76174B-264D-4409-AD2E-861F142F6E5B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-09] (Adobe Inc. -> Adobe)
Task: {C56908F3-5A67-40B7-BFBF-5E0918DB66EF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CC29B89B-CC04-4700-BDA8-AEDD651A9AFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {DDA6C8E1-A3D3-4FA9-9D31-668C4509D931} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E4B32236-D53C-4A5B-A2EE-CBDD9F3EB358} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {E603E23B-817C-419A-A9D3-4A8DBCF32367} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7460818-B700-4DD6-B2C1-646E5388DC9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2020-02-15] (Google Inc -> Google Inc.)
Task: {ECC97BC4-68D4-4909-8665-1D108CA26DB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 118.98.44.100 118.98.44.10
Tcpip\..\Interfaces\{a5d4032a-8fb0-4ffe-982f-2064ac1169f1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a5d4032a-8fb0-4ffe-982f-2064ac1169f1}: [DhcpNameServer] 118.98.44.100 118.98.44.10

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\RYZEN\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-22]
Edge HKU\S-1-5-21-2120709854-2817591141-2818763254-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>

FireFox:
========
FF DefaultProfile: zdxi7i3d.default
FF ProfilePath: C:\Users\RYZEN\AppData\Roaming\Mozilla\Firefox\Profiles\zdxi7i3d.default [2021-08-21]
FF ProfilePath: C:\Users\RYZEN\AppData\Roaming\Mozilla\Firefox\Profiles\n2pzqow0.default-release [2021-08-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Default [2021-08-22]
CHR Extension: (Grammarly for Chrome) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-08-14]
CHR Extension: (LINE) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2020-02-15]
CHR Extension: (Google Classroom) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2020-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-24]
CHR Profile: C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-08-22]
CHR Profile: C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-08-20]
CHR Extension: (Slides) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-29]
CHR Extension: (Sheets) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-29]
CHR Extension: (Google Docs Offline) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-23]
CHR Profile: C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-08-13]
CHR Extension: (Slides) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-16]
CHR Extension: (Sheets) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-16]
CHR Extension: (Google Docs Offline) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-28]
CHR Profile: C:\Users\RYZEN\AppData\Local\Google\Chrome\User Data\System Profile [2021-08-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142128 2021-08-05] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2019-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 MEmuSVC; C:\Program Files\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-02-15] (Martin Malik - REALiX -> REALiX(tm))
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [320360 2020-10-09] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 TESMON; C:\Windows\system32\drivers\TesMon.sys [3231264 2020-02-16] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [812208 2020-02-15] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [555064 2020-03-15] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 UniSafe; C:\Windows\system32\drivers\UniSafe.sys [582032 2020-02-16] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
S3 bntap; \SystemRoot\System32\drivers\bntap.sys [X]
R1 WinmonProcessMonitor; \??\C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-22 11:45 - 2021-08-22 11:45 - 000022605 _____ C:\Users\RYZEN\Downloads\FRST.txt
2021-08-22 11:44 - 2021-08-22 11:44 - 002300928 _____ (Farbar) C:\Users\RYZEN\Downloads\FRST64.exe
2021-08-22 07:05 - 2021-08-22 00:30 - 094371840 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-08-22 07:01 - 2021-08-22 07:05 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-08-22 00:25 - 2021-08-22 00:26 - 000000000 ____D C:\AdwCleaner
2021-08-22 00:24 - 2021-08-22 00:25 - 008553680 _____ (Malwarebytes) C:\Users\RYZEN\Downloads\adwcleaner_8.3.0.exe
2021-08-21 23:56 - 2021-08-21 23:56 - 000000203 _____ C:\Users\RYZEN\Desktop\Apex Legends.url
2021-08-21 23:47 - 2021-08-21 23:47 - 006673184 _____ (EnigmaSoft Limited) C:\Users\RYZEN\Downloads\SpyHunter-5.10-54-8469-Installer.exe
2021-08-21 23:44 - 2021-08-21 23:45 - 000000934 _____ C:\Users\RYZEN\Downloads\Stinger_21082021_234449.html
2021-08-21 23:39 - 2021-08-21 23:40 - 000001144 _____ C:\Users\RYZEN\Downloads\Stinger_21082021_233943.html
2021-08-21 23:31 - 2021-08-21 23:45 - 000000114 ___RH C:\Users\RYZEN\Downloads\Stinger.opt
2021-08-21 23:27 - 2021-08-21 23:27 - 002120496 _____ (Malwarebytes) C:\Users\RYZEN\Downloads\MBSetup-119967.119967-consumer.exe
2021-08-21 23:24 - 2021-08-21 23:25 - 000000934 _____ C:\Users\RYZEN\Downloads\Stinger_21082021_232456.html
2021-08-21 23:22 - 2021-08-21 23:23 - 000000934 _____ C:\Users\RYZEN\Downloads\Stinger_21082021_232239.html
2021-08-21 23:21 - 2021-08-21 23:21 - 000000000 ____D C:\Quarantine
2021-08-21 23:20 - 2021-08-21 23:45 - 000000000 ____D C:\Program Files (x86)\stinger
2021-08-21 23:20 - 2021-08-21 23:21 - 000000934 _____ C:\Users\RYZEN\Downloads\Stinger_21082021_232040.html
2021-08-21 23:20 - 2021-08-21 23:20 - 000000000 ____D C:\Program Files\McAfee
2021-08-21 22:57 - 2021-08-21 23:20 - 019404600 _____ (McAfee LLC) C:\Users\RYZEN\Downloads\stinger32.exe
2021-08-21 22:18 - 2021-08-21 23:35 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-08-21 22:15 - 2021-08-21 22:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-08-21 22:15 - 2021-08-21 22:15 - 002765136 _____ (Kaspersky) C:\Users\RYZEN\Downloads\kts2ss1.3.10.391en_26099.exe
2021-08-21 22:03 - 2021-08-21 22:04 - 070858912 _____ (Discord Inc.) C:\Users\RYZEN\Downloads\DiscordSetup.exe
2021-08-21 20:03 - 2021-08-21 20:03 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-21 19:45 - 2021-08-21 19:45 - 000000000 ____D C:\WINDOWS\ERUNT
2021-08-21 19:30 - 2021-08-21 19:30 - 001230822 _____ C:\Users\Public\Desktop\mbst-grab-results.zip
2021-08-21 19:27 - 2021-08-22 11:45 - 000000000 ____D C:\FRST
2021-08-21 19:20 - 2021-08-21 19:20 - 000000000 ____D C:\ProgramData\mb3migration
2021-08-21 16:38 - 2021-08-21 18:40 - 1702524129 _____ C:\Users\RYZEN\Downloads\BG31-072Pr21v15.0.0.41.rar
2021-08-21 16:10 - 2021-08-21 23:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-21 16:06 - 2021-08-22 00:27 - 001987072 ____H C:\WINDOWS\windefender.exe
2021-08-21 15:58 - 2021-08-21 23:27 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-21 15:31 - 2021-08-21 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-08-21 15:31 - 2021-08-21 15:31 - 000000000 ____D C:\Program Files\7-Zip
2021-08-21 15:28 - 2021-08-21 21:56 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2021-08-21 15:27 - 2021-08-21 15:27 - 000000000 ____D C:\ProgramData\RYZEN
2021-08-21 13:20 - 2021-08-21 13:20 - 000000000 ____D C:\Users\RYZEN\AppData\Roaming\EasyAntiCheat
2021-08-21 13:18 - 2021-08-21 13:18 - 000000000 ____D C:\WINDOWS\system32\lxss
2021-08-21 13:18 - 2021-08-21 13:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-08-21 13:16 - 2021-08-06 04:12 - 000037664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-08-21 13:13 - 2021-08-06 15:45 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-08-21 13:13 - 2021-08-06 15:45 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-08-21 13:13 - 2021-08-06 15:45 - 001474672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-08-21 13:13 - 2021-08-06 15:45 - 001438840 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-08-21 13:13 - 2021-08-06 15:45 - 001438840 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-08-21 13:13 - 2021-08-06 15:45 - 001212536 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-08-21 13:13 - 2021-08-06 15:45 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-08-21 13:13 - 2021-08-06 15:45 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-08-21 13:13 - 2021-08-06 15:45 - 000951928 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-08-21 13:13 - 2021-08-06 15:45 - 000951928 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-08-21 13:13 - 2021-08-06 15:42 - 000716928 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-08-21 13:13 - 2021-08-06 15:42 - 000645248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-08-21 13:13 - 2021-08-06 15:42 - 000577152 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-08-21 13:13 - 2021-08-06 15:41 - 002112144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-08-21 13:13 - 2021-08-06 15:41 - 001595536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-08-21 13:13 - 2021-08-06 15:41 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-08-21 13:13 - 2021-08-06 15:41 - 001171088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-08-21 13:13 - 2021-08-06 15:41 - 000919184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-08-21 13:13 - 2021-08-06 15:41 - 000750200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-08-21 13:13 - 2021-08-06 15:41 - 000706168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-08-21 13:13 - 2021-08-06 15:41 - 000676480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-08-21 13:13 - 2021-08-06 15:41 - 000564352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-08-21 13:13 - 2021-08-06 15:40 - 008854136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-08-21 13:13 - 2021-08-06 15:40 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-08-21 13:13 - 2021-08-06 15:40 - 005680768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-08-21 13:13 - 2021-08-06 15:40 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-08-21 13:13 - 2021-08-06 15:40 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-08-21 13:13 - 2021-08-06 15:40 - 000447096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-08-21 13:13 - 2021-08-06 15:39 - 000849024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-08-21 13:13 - 2021-08-06 15:38 - 007280848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-08-21 13:13 - 2021-08-06 15:38 - 006215808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-08-21 13:13 - 2021-08-06 04:12 - 000083062 _____ C:\WINDOWS\system32\nvinfo.pb
2021-08-21 13:08 - 2021-08-21 13:20 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-08-21 13:05 - 2021-06-03 20:56 - 000043408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2021-08-21 12:31 - 2021-08-22 00:31 - 000000000 ___HD C:\WINDOWS\rss
2021-08-21 12:31 - 2021-08-22 00:27 - 000003270 _____ C:\WINDOWS\system32\Tasks\csrss
2021-08-21 12:29 - 2021-08-21 14:39 - 000000000 ____D C:\Users\RYZEN\Downloads\Compressed
2021-08-21 12:29 - 2021-08-21 12:29 - 000000000 ____D C:\Users\RYZEN\Downloads\Video
2021-08-19 11:28 - 2021-08-19 11:28 - 000291593 _____ C:\Users\RYZEN\Downloads\Bizcard.zip
2021-08-18 20:23 - 2021-08-18 20:43 - 000000000 ____D C:\Users\RYZEN\AppData\Local\Movavi
2021-08-18 20:23 - 2021-08-18 20:23 - 000000000 ____D C:\Users\RYZEN\AppData\Local\VideoEditorPlus
2021-08-18 20:03 - 2021-08-18 20:03 - 000001020 _____ C:\Users\RYZEN\Desktop\Movavi Video Editor Plus 2021.lnk
2021-08-18 20:03 - 2021-08-18 20:03 - 000000000 ____D C:\Users\RYZEN\AppData\Roaming\Movavi Video Editor Plus 2021
2021-08-18 20:03 - 2021-08-18 20:03 - 000000000 ____D C:\Users\RYZEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor Plus 2021
2021-08-18 20:02 - 2021-08-18 20:02 - 000012724 _____ C:\ProgramData\juutbubq.wrj
2021-08-18 20:02 - 2021-08-18 20:02 - 000000016 _____ C:\ProgramData\mntemp
2021-08-18 18:56 - 2021-08-18 19:00 - 079823544 _____ (Movavi) C:\Users\RYZEN\Downloads\MovaviVideoEditorPlusSetupC.exe
2021-08-18 12:07 - 2021-08-18 12:07 - 000148902 _____ C:\Users\RYZEN\Downloads\NURAISYA0824_14612338 (1).pdf
2021-08-15 16:43 - 2021-08-15 16:43 - 000000000 ____D C:\Users\RYZEN\Documents\TecmoKoei
2021-08-12 13:52 - 2021-08-12 13:52 - 000095000 _____ C:\Users\RYZEN\Downloads\2020-10-14 Employment Verification Form_Employer-Nur Aisyah(WWC).pdf
2021-08-12 13:52 - 2021-08-12 13:52 - 000066848 _____ C:\Users\RYZEN\Downloads\2020-10-14 Employment Verification Form_Employee-Nur Aisyah-NJK.pdf
2021-08-12 13:42 - 2021-08-12 13:42 - 000183576 _____ C:\Users\RYZEN\Downloads\ACFrOgAuWOI_tujFfoRwP8zVXZCbJarf4OpifGjY3eEJ7s5cII8rUKwg09rTAxKyQPMSc-N4GZHK6wxQ7i5hWgOZ53F0vX-5NxCmTPtmlJQgw2oBqv-q5q-NeIxaYBZef0jBA3ONz59aHmIUDVe6.pdf
2021-08-12 11:00 - 2021-08-12 11:00 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-12 11:00 - 2021-08-12 11:00 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-12 11:00 - 2021-08-12 11:00 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-12 11:00 - 2021-08-12 11:00 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-12 11:00 - 2021-08-12 11:00 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-12 11:00 - 2021-08-12 11:00 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-12 11:00 - 2021-08-12 11:00 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-12 10:52 - 2021-08-12 10:52 - 000000000 ___HD C:\$WinREAgent
2021-08-11 14:18 - 2021-08-11 14:18 - 000397558 _____ C:\Users\RYZEN\Downloads\Employment Verification Form-MEL-P.pdf
2021-08-11 14:18 - 2021-08-11 14:18 - 000144345 _____ C:\Users\RYZEN\Downloads\2020-10-14 Employment Verification Form_Employer-Nur Aisyah.pdf
2021-08-07 23:59 - 2021-08-07 23:59 - 000000000 ____D C:\Users\RYZEN\AppData\Roaming\NVIDIA
2021-08-01 15:04 - 2021-08-01 15:04 - 000000199 _____ C:\Users\RYZEN\Desktop\Dota 2.url
2021-08-01 13:43 - 2021-08-07 11:19 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2021-08-01 13:43 - 2021-08-01 13:43 - 000000000 ____D C:\Users\RYZEN\AppData\Roaming\Hard Disk Sentinel
2021-08-01 13:39 - 2021-08-01 13:43 - 036324820 _____ C:\Users\RYZEN\Downloads\hdsentinel_trial_setup.zip
2021-08-01 13:22 - 2021-08-01 13:22 - 000000553 _____ C:\Users\Public\Desktop\Steam.lnk
2021-08-01 13:22 - 2021-08-01 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-08-01 13:21 - 2021-08-01 13:22 - 001770744 _____ C:\Users\RYZEN\Downloads\SteamSetup.exe
2021-07-31 07:38 - 2021-07-31 07:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-07-30 20:08 - 2021-07-30 20:08 - 000000000 ____D C:\Users\RYZEN\AppData\LocalLow\Team17
2021-07-29 21:38 - 2021-07-29 21:38 - 000000000 ____D C:\Users\RYZEN\AppData\Roaming\Origin
2021-07-29 21:38 - 2021-07-29 21:38 - 000000000 ____D C:\Users\RYZEN\AppData\Local\Origin
2021-07-29 14:20 - 2021-07-29 14:20 - 000896848 _____ C:\Users\RYZEN\Downloads\10083-34520-1-PB.pdf
2021-07-29 14:20 - 2021-07-29 14:20 - 000896848 _____ C:\Users\RYZEN\Downloads\10083-34520-1-PB (1).pdf
2021-07-27 14:15 - 2021-07-27 14:15 - 001473949 _____ C:\Users\RYZEN\Downloads\Formulir Pelonggaran 2021.PDF
2021-07-25 20:48 - 2021-07-25 20:48 - 000269963 _____ C:\Users\RYZEN\Downloads\20210629094305_COMP6405_FIN_RCQuestion.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-22 11:41 - 2020-09-07 16:48 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-22 11:39 - 2020-11-13 09:19 - 000000000 ____D C:\Users\RYZEN\AppData\Local\Spotify
2021-08-22 11:39 - 2020-11-13 09:18 - 000000000 ____D C:\Users\RYZEN\AppData\Roaming\Spotify
2021-08-22 11:39 - 2020-02-15 12:05 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-22 02:12 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-22 00:38 - 2021-03-12 21:42 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-22 00:38 - 2019-12-07 16:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-22 00:31 - 2021-03-12 21:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-22 00:31 - 2021-03-12 21:32 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-22 00:30 - 2019-12-07 16:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-21 23:56 - 2021-06-30 22:00 - 000000000 ____D C:\Users\RYZEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-08-21 23:35 - 2019-12-07 16:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-21 23:33 - 2021-03-12 20:08 - 000000000 ____D C:\Users\RYZEN
2021-08-21 23:26 - 2020-02-15 14:49 - 000000000 ____D C:\Users\RYZEN\AppData\Local\SquirrelTemp
2021-08-21 22:31 - 2021-03-12 21:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-21 22:29 - 2019-10-31 00:36 - 000000000 ____D C:\Users\RYZEN\AppData\Local\D3DSCache
2021-08-21 22:19 - 2019-12-07 16:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-08-21 20:36 - 2020-02-15 13:28 - 000000000 ____D C:\Users\RYZEN\AppData\Local\ElevatedDiagnostics
2021-08-21 16:23 - 2019-10-31 00:28 - 000000000 ____D C:\ProgramData\Package Cache
2021-08-21 13:19 - 2020-09-07 16:48 - 000000000 ____D C:\Users\RYZEN\AppData\Local\NVIDIA
2021-08-21 13:18 - 2020-09-07 16:48 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-08-21 13:18 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-21 13:05 - 2021-03-12 21:38 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2021-03-12 21:38 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2021-03-12 21:38 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2021-03-12 21:38 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2021-03-12 21:38 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2021-03-12 21:38 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2021-03-12 21:38 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2021-03-12 21:38 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2021-03-12 21:38 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2021-03-12 21:38 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-21 13:05 - 2020-09-07 16:48 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-08-21 13:05 - 2020-09-07 16:48 - 000000000 ____D C:\Users\RYZEN\AppData\Local\NVIDIA Corporation
2021-08-21 13:05 - 2020-09-07 16:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-08-21 13:05 - 2020-09-07 16:48 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-08-21 12:38 - 2020-09-18 23:18 - 000000000 ____D C:\Users\RYZEN\AppData\LocalLow\Mozilla
2021-08-21 12:38 - 2020-02-15 12:05 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-20 06:40 - 2020-06-11 02:10 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-20 06:40 - 2019-12-07 16:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-19 06:02 - 2020-02-15 12:05 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-18 20:23 - 2020-02-15 12:07 - 000000000 ____D C:\Users\RYZEN\AppData\Local\cache
2021-08-16 07:27 - 2021-04-13 10:26 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7174d4e01e849
2021-08-16 07:27 - 2021-03-12 21:38 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-15 18:55 - 2020-02-15 12:20 - 000000000 ____D C:\Program Files\Microsoft Office
2021-08-15 12:14 - 2020-02-16 16:08 - 000000000 ____D C:\Users\RYZEN\AppData\Roaming\vlc
2021-08-15 11:59 - 2019-10-31 00:20 - 000000000 ____D C:\Users\RYZEN\AppData\Local\Packages
2021-08-14 20:54 - 2020-11-07 07:27 - 000000000 ____D C:\Program Files (x86)\Betternet
2021-08-12 22:34 - 2021-03-12 21:32 - 000435384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-12 22:33 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-08-12 22:33 - 2019-12-07 16:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-12 22:33 - 2019-12-07 16:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-12 22:33 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-12 22:33 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-12 22:33 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-12 22:33 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-12 22:33 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-12 22:33 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-08-12 22:33 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-12 22:33 - 2019-12-07 16:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-12 11:03 - 2019-12-07 16:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-12 10:52 - 2020-02-15 13:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-12 10:50 - 2020-02-15 13:02 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-12 09:08 - 2021-03-14 15:16 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-08-09 16:06 - 2021-03-12 21:38 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2120709854-2817591141-2818763254-1001
2021-08-09 16:06 - 2021-03-12 20:08 - 000002383 _____ C:\Users\RYZEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-09 16:06 - 2019-10-31 00:22 - 000000000 ___RD C:\Users\RYZEN\OneDrive
2021-08-06 04:12 - 2021-01-26 22:10 - 000136472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-08-04 08:25 - 2019-10-31 00:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-04 06:58 - 2020-10-01 14:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-03 12:13 - 2021-03-12 21:38 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-03 12:13 - 2021-03-12 21:38 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-01 13:46 - 2020-02-16 12:06 - 000000000 ____D C:\Users\RYZEN\AppData\Local\PlaceholderTileLogoFolder
2021-07-29 21:46 - 2020-03-14 23:02 - 000000000 ____D C:\ProgramData\Origin
2021-07-29 20:15 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-07-26 18:17 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-07-24 23:25 - 2021-01-24 13:58 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== FLock ==============================

2021-08-22 00:27 C:\WINDOWS\windefender.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

I don't know why my PC cannot install Malwarebytes; I found the virus named artemisXXXXX on my PC.

I want to clean this virus with Malwarebytes, but I cannot install it on my PC.

Many Thanks

Addition.txt


  • Solution

Hiya Tamin,

Thanks for those logs, continue;

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Download and run the Malwarebytes Support Tool
Accept the EULA and click Advanced tab on the left (not Start Repair)
Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

When complete:-

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use Text file (*.txt) - name the file and save to a place of choice, recommend "Desktop" then attach to reply


Let me see those logs in your reply...

Thank you,

Kevin.

fixlist.txt


Hi Kevin,

 

Regarding the log from the FRST fix, I already deleted all the logs from the tools that you suggested to me once I had successfully installed Malwarebytes.

I thought the log was not important, so I just deleted the FRST fix log.

My apologies for deleting the FRST log.

But I really want to say thank you so much for your help.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
