FRST Tutorial Comment

184 replies to this topic

#181
PeterJ


    Visiting Consultant

  • Visiting Consultant
  • 48 posts

Ok, thanks for the explanation.


  • 0



#182
baloooo


    New Member

  • Member
  • 1 posts

Hi!

I was wondering how to uninstall FRST64. I read the section about removing the software and its files but didn't manage to do so.

Could you help me please?

 

Thanks


  • 0

#183
icotonev


    Trusted Helper

  • Malware Removal
  • 247 posts

To uninstall FRST ....
 

  • Rename Frst.exe or Frst64.exe to Uninstall.exe
  • With the computer booted into Normal Mode run the renamed Frst.


 

  • The computer will reboot, and on boot up will delete ...
    • %systemdrive%\FRST
    • and from the directory from which Frst is run, it will delete ...
      • Frst.txt
      • Addition.txt
      • Search.txt
      • Fixlog.txt
      • The tool itself

  • 1
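A check for the cleanup described in post #183, as an added example that is not part of the original post or of FRST itself: run after the reboot, it reports any of the listed items that are still present. `$RunDir` is an assumed parameter naming the folder FRST was run from; the Desktop default is only a guess.

```powershell
# Added example: verify that the FRST uninstall removed what post #183 lists.
param(
    # Assumption: folder FRST was launched from (shown as "Running from" in FRST.txt).
    [string]$RunDir = ([Environment]::GetFolderPath('Desktop'))
)

# Items the post says are deleted on boot: the %systemdrive%\FRST folder,
# the four logs in the run directory, and the tool itself under any of its names.
$expectedGone = @(Join-Path $env:SystemDrive 'FRST')
$expectedGone += 'Frst.txt', 'Addition.txt', 'Search.txt', 'Fixlog.txt',
                 'Frst.exe', 'Frst64.exe', 'Uninstall.exe' |
    ForEach-Object { Join-Path $RunDir $_ }

# -Force so hidden or system items are found too; missing paths are skipped silently.
$leftovers = foreach ($path in $expectedGone) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        [pscustomobject]@{
            Path          = $item.FullName
            Kind          = $(if ($item.PSIsContainer) { 'Folder' } else { 'File' })
            LastWriteTime = $item.LastWriteTime
        }
    }
}

if ($leftovers) {
    $leftovers | Format-Table -AutoSize
    Write-Warning "FRST items remain. Check that -RunDir is the folder FRST was run from and that the reboot completed."
} else {
    "No FRST leftovers found in $RunDir or $(Join-Path $env:SystemDrive 'FRST')."
}
```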

#184
WeeD_o07


    New Member

  • Member
  • 1 posts

I need help with my system. I got all these duplicate Microsoft in-house apps all over my system. I started on this FRST.txt and Addition.txt; not too clear on the Fixit.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022 (ATTENTION: ====> FRST version is 34 days old and could be outdated)
Ran by weedm (administrator) on DESKTOP-Q9SHEQ4 (Dell Inc. OptiPlex 7010) (03-10-2022 14:24:14)
Running from C:\Users\weedm\Saved Games\OneDrive\Desktop\Swtor Letters
Loaded Profiles: weedm
Platform: Microsoft Windows 10 Home Version 21H2 19044.2075 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\rpbgdownloader.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(services.exe ->) (BattlEye Innovations e.K. -> ) C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe
(services.exe ->) (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(services.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(svchost.exe ->) (RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealPlayer\downloader2.exe
(wbem\WmiPrvSE.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(wbem\WmiPrvSE.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [347560 2022-09-30] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealPlayer] => c:\program files (x86)\real\realplayer\RPDS\Bin\rpsystray.exe [5941192 2022-09-30] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\realplayer\downloader2.exe [1186728 2022-09-30] (RealNetworks, Inc. -> )
HKU\S-1-5-21-2783459921-2061380807-1874723180-1002\...\Run: [Steam] => G:\Program Files (x86)\Steam\steam.exe [4235112 2022-09-27] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2783459921-2061380807-1874723180-1002\...\Run: [Discord] => C:\Users\weedm\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2783459921-2061380807-1874723180-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38502416 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2783459921-2061380807-1874723180-1002\...\MountPoints2: {218bfcde-e76b-11eb-97a5-90b11c9e5bae} - "D:\WifiAutoInstallSetup.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\106.0.5249.91\Installer\chrmstp.exe [2022-09-30] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\105.0.1343.53\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\...\Authentication\Credential Providers: [{f64945df-4fa9-4068-a2fb-61af319edd33}] -> C:\Windows\system32\rdpcredentialprovider.dll [2022-10-02] (Microsoft Windows -> Microsoft Corporation)
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AA8BBCC-DC0B-4B4E-B108-79B1D61E9034} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-20] (Google LLC -> Google LLC)
Task: {160F5F10-D256-4379-83BC-F82319A61DC2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-09-12] (Piriform Software Ltd -> Piriform)
Task: {1F874E15-9406-4A1D-806C-4FA5FF28DE75} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4666896 2022-09-12] (Piriform Software Ltd -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "1a88aa50-00f7-4cfb-8d5a-a429e6041d55" --version "6.04.10044" --silent
Task: {29D57E10-DBD9-420B-B7CD-A97371AD806D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-20] (Google LLC -> Google LLC)
Task: {36674552-E0D9-471A-9CF9-A99131A9902D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4CA5A245-A7CF-4C33-A0B3-E11F52C5ADA1} - System32\Tasks\HudSight => G:\Program Files (x86)\HudSight\HudSight.exe (No File)
Task: {5A09B2D0-FF3A-4C58-85CF-A60174199F28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5EBFF75C-65E5-4F84-A6BC-0D4ABFDA79B7} - System32\Tasks\RealDownloader Update Check => c:\program files (x86)\real\realplayer\downloader2.exe [1186728 2022-09-30] (RealNetworks, Inc. -> )
Task: {781673D0-75A6-4F2A-8AAD-D66ED18DE8D3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2783459921-2061380807-1874723180-1002 => c:\program files (x86)\real\realplayer\realupgrade.exe [130472 2022-09-30] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {787B9486-823B-4895-83F0-981000C19CCF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9428219A-04EA-4E67-AE9A-0C12A0D4D832} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C2CC5A45-E192-4E2E-A1B9-F751980F1944} - System32\Tasks\CCleanerSkipUAC - weedm => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E8D38592-81E3-49A8-95A6-8563ACC5C847} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2783459921-2061380807-1874723180-1002 => c:\program files (x86)\real\realplayer\realupgrade.exe [130472 2022-09-30] (RealNetworks, Inc. -> RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2fef7f82-b0a8-4deb-b0d4-baa3727feb70}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge Profile: C:\Users\weedm\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-02]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\weedm\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2022-09-19]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
 
FireFox:
========
FF Plugin-x32: @real.com/nppl3260;version=22.0.0.321 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2022-09-30] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=22.0.0.321 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2022-09-30] (RealNetworks, Inc. -> RealPlayer)
 
Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR Profile: C:\Users\weedm\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-10-02]
CHR Profile: C:\Users\weedm\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-10-03]
CHR Notifications: Profile 3 -> hxxps://web.skype.com; hxxps://www.youtube.com
CHR HomePage: Profile 3 -> hxxp://www.google.com/
CHR StartupUrls: Profile 3 -> "hxxp://www.hecklerspray.com/kate-dennings-nude-photos","hxxp://com-online.site/en1/en_ptm_05/olist.php?c1=2478886&c2=&c3=12dadbc54ba5e37cceb5a5e07af600fd&c4=&c5=&c6=&c7=MG5506687s289040&c8=&c9=4&c10=1&campId=786","hxxps://victoriahearts.com/#chat/id/5751271_8492706","hxxps://mail.google.com/mail/u/0/#inbox/1611c0ba757a0163","hxxps://answers.microsoft.com/en-us/outlook_com/forum/oaccount-omyinfo/this-email-address-is-part-of-a-reserved-domain/33c3595f-b897-4e67-b14b-c3b921d1ec51?auth=1","hxxps://account.microsoft.com/devices/content","hxxps://www.microsoft.com/en-us/store/movies-and-tv?ocid=amc-devices-videopage&rtc=1"
CHR Extension: (Google Docs Offline) - C:\Users\weedm\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-19]
CHR Extension: (Space) - C:\Users\weedm\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hepnfgiockihbakjbhonkinpagbkaobo [2022-09-19]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\weedm\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-09-19]
CHR Extension: (User JavaScript and CSS) - C:\Users\weedm\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nbhcbdghjpllgmfilhnhkllmkecfmpld [2022-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\weedm\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-19]
CHR Profile: C:\Users\weedm\AppData\Local\Google\Chrome\User Data\System Profile [2022-10-02]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-04-21] (BattlEye Innovations e.K. -> )
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-18] (Malwarebytes Inc. -> Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [11010368 2021-10-07] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S4 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [3595776 2021-06-26] (Microsoft Corporation) [File not signed]
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [38856 2022-09-07] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [991168 2022-09-30] (RealNetworks, Inc. -> RealNetworks, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S4 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\105.0.1343.53\elevation_service.exe" [X]
S4 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_df0bee9f4cb9436e\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_df0bee9f4cb9436e\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 Rockstar Service; "G:\Program Files\GTA V\Launcher\RockstarService.exe" [X]
S4 ucldr_battlegrounds_gl; "C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe" [X]
S2 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
S4 zksvc; "C:\Program Files\Common Files\PUBG\zksvc.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2020-11-18] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [63032 2022-07-08] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-09-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2729456 2021-08-11] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-03 13:49 - 2022-10-03 13:49 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-10-03 10:38 - 2022-10-03 12:01 - 000001032 _____ C:\Users\weedm\Downloads\Documents.lnk
2022-10-03 09:33 - 2022-10-03 09:33 - 015274968 _____ (ESET) C:\Users\weedm\Downloads\esetonlinescanner.exe
2022-10-03 09:12 - 2022-10-03 14:24 - 000000000 ____D C:\FRST
2022-10-03 08:49 - 2022-10-03 08:49 - 013471344 _____ C:\Users\weedm\Downloads\mb-support-1.8.7.918.exe
2022-10-03 08:30 - 2022-10-03 08:30 - 000852798 _____ C:\Users\weedm\Downloads\SecurityCheck.exe
2022-10-03 06:16 - 2022-10-03 06:16 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-10-02 21:58 - 2022-10-02 21:58 - 000000000 ____D C:\ProgramData\Piriform
2022-10-02 21:04 - 2022-10-03 09:04 - 000003416 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2022-10-02 21:04 - 2022-10-03 09:04 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2022-10-02 21:04 - 2022-10-03 09:04 - 000000000 ____D C:\Program Files\CCleaner
2022-10-02 21:04 - 2022-10-02 21:04 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-10-02 21:04 - 2022-10-02 21:04 - 000002904 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - weedm
2022-10-02 21:04 - 2022-10-02 21:04 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-10-02 21:04 - 2022-10-02 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-10-02 21:03 - 2022-10-02 21:03 - 051921904 _____ (Piriform Software Ltd) C:\Users\weedm\Downloads\ccsetup604_pro_trial.exe
2022-10-02 01:20 - 2022-10-02 01:20 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2022-10-02 01:20 - 2022-10-02 01:20 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2022-10-02 01:20 - 2022-10-02 01:20 - 000012251 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-10-02 01:18 - 2022-10-02 01:18 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2022-10-02 01:17 - 2022-10-02 01:17 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-10-02 01:17 - 2022-10-02 01:17 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-10-02 01:03 - 2022-10-02 01:03 - 000000000 ___HD C:\$WinREAgent
2022-09-30 09:37 - 2022-10-03 06:08 - 000003590 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2783459921-2061380807-1874723180-1002
2022-09-30 09:37 - 2022-10-03 06:08 - 000003530 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2783459921-2061380807-1874723180-1002
2022-09-30 09:37 - 2022-09-30 09:37 - 000003546 _____ C:\Windows\system32\Tasks\RealDownloader Update Check
2022-09-30 09:36 - 2022-09-30 09:36 - 000202152 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2022-09-30 09:36 - 2022-09-30 09:36 - 000001288 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2022-09-30 09:36 - 2022-09-30 09:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2022-09-18 22:18 - 2022-09-18 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoraIsland
2022-09-18 11:22 - 2022-09-18 11:22 - 000000000 ____D C:\Users\weedm\OneDrive
2022-09-18 10:59 - 2022-10-03 06:05 - 000000000 ____D C:\Users\weedm\AppData\Local\CrashDumps
2022-09-18 10:45 - 2022-10-03 04:59 - 000000000 ____D C:\Users\weedm\AppData\Local\mbam
2022-09-18 10:45 - 2022-09-18 10:45 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-09-18 10:45 - 2022-09-18 10:45 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-09-18 10:45 - 2022-09-18 10:44 - 000158640 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-09-18 10:45 - 2022-09-18 10:44 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-09-18 10:44 - 2022-09-18 10:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-09-18 10:44 - 2022-09-18 10:44 - 000000000 ____D C:\Program Files\Malwarebytes
2022-09-18 09:47 - 2022-09-18 09:47 - 000000000 ____D C:\Users\weedm\AppData\Local\Apps\2.0
2022-09-17 14:02 - 2022-09-17 14:02 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
2022-09-17 14:02 - 2021-10-07 00:21 - 011010368 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-03 13:26 - 2021-05-20 18:48 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-03 07:04 - 2021-05-20 18:43 - 000000000 ____D C:\Users\weedm\AppData\Local\D3DSCache
2022-10-03 07:04 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-03 04:52 - 2020-11-19 00:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-10-03 01:47 - 2021-08-31 08:15 - 000000000 ____D C:\Users\weedm\Saved Games\OneDrive\Documents\American Truck Simulator
2022-10-03 01:46 - 2022-03-24 09:19 - 000000000 ____D C:\Users\weedm\AppData\Roaming\LogIt
2022-10-02 23:42 - 2022-02-24 15:46 - 000000000 ____D C:\ProgramData\LogIt
2022-10-02 21:10 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\AppReadiness
2022-10-02 21:08 - 2021-01-05 01:02 - 000000000 ____D C:\Windows\Panther
2022-10-02 20:36 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-02 19:31 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\NDF
2022-10-02 02:34 - 2021-01-04 10:08 - 000840602 _____ C:\Windows\system32\PerfStringBackup.INI
2022-10-02 02:34 - 2019-12-07 02:13 - 000000000 ____D C:\Windows\INF
2022-10-02 02:27 - 2021-01-05 01:02 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-02 02:27 - 2020-11-19 00:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-10-02 02:27 - 2019-12-07 02:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-10-02 02:26 - 2021-05-20 18:41 - 000000000 ____D C:\Users\weedm
2022-10-02 02:19 - 2021-05-20 18:43 - 000000000 ____D C:\Users\weedm\AppData\Local\Packages
2022-10-02 01:34 - 2020-11-19 00:30 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2022-10-02 01:33 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-10-02 01:33 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SystemResources
2022-10-02 01:33 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\oobe
2022-10-02 01:33 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\Provisioning
2022-10-02 01:33 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-10-02 01:33 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\bcastdvr
2022-10-02 01:29 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\CbsTemp
2022-10-02 01:28 - 2019-12-07 02:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2022-10-02 01:28 - 2019-12-07 02:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2022-10-02 01:12 - 2019-12-07 02:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-10-02 00:42 - 2021-05-20 18:43 - 000000000 ___RD C:\Users\weedm\3D Objects
2022-10-01 22:13 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\Registration
2022-09-30 12:27 - 2021-05-20 18:49 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-30 12:27 - 2021-05-20 18:49 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-09-30 12:26 - 2021-07-17 21:07 - 000000000 ____D C:\ProgramData\WinZip
2022-09-30 09:37 - 2022-08-01 01:20 - 000000000 ____D C:\Users\weedm\AppData\Roaming\Real
2022-09-30 09:36 - 2022-08-01 01:21 - 000506792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2022-09-30 09:36 - 2022-08-01 01:21 - 000355240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2022-09-30 09:36 - 2022-08-01 01:21 - 000279976 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2022-09-30 09:36 - 2022-08-01 01:21 - 000000000 ____D C:\Program Files (x86)\Real
2022-09-30 09:36 - 2022-08-01 01:20 - 000000000 ____D C:\ProgramData\Real
2022-09-20 19:47 - 2022-03-08 12:29 - 000000000 ____D C:\Users\weedm\AppData\Local\DigitalEntitlements
2022-09-20 19:46 - 2022-04-02 18:37 - 000000000 ____D C:\Users\weedm\AppData\Local\FiveM
2022-09-19 21:14 - 2022-03-18 12:36 - 000000000 ____D C:\Users\weedm\Saved Games\OneDrive\Documents\Euro Truck Simulator 2
2022-09-18 10:45 - 2019-12-07 02:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-09-18 09:59 - 2021-12-25 20:40 - 000000000 ____D C:\Users\weedm\AppData\Local\ElevatedDiagnostics
2022-09-17 23:06 - 2019-12-07 02:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-09-13 23:04 - 2021-05-21 10:50 - 000000000 ____D C:\Windows\system32\MRT
2022-09-13 23:03 - 2021-05-21 10:50 - 141646296 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-09-09 07:24 - 2021-05-21 05:31 - 000000000 ____D C:\Users\weedm\AppData\Roaming\discord

2022-09-09 07:23 - 2022-02-03 16:01 - 000000000 ____D C:\Users\weedm\AppData\Local\Discord
2022-09-07 11:21 - 2020-11-19 00:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-09-03 16:20 - 2022-07-18 19:05 - 000000000 ____D C:\Users\weedm\AppData\Local\DayZ
2022-09-03 16:20 - 2021-05-21 06:23 - 000000000 ____D C:\Users\weedm\AppData\Local\DayZ Launcher
2022-09-03 07:46 - 2022-03-03 23:24 - 000000000 ____D C:\Users\weedm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
 
==================== Files in the root of some directories ========
 
2021-06-12 11:53 - 2022-09-01 14:50 - 000007606 _____ () C:\Users\weedm\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

 


  • 0

#185
farbar


    Developer

  • Expert
  • 503 posts

Hello,

 

I was on vacation and could not attend to your post earlier. This thread is meant for comments on the FRST updates. For malware removal, please start a topic in the malware removal section. Thank you.

 

 

Tutorial is now hosted on BleepingComputer: Link


  • 1




