Worried [Solved]



#1
Eldon123

I'm just wanting to make sure there's nothing bad on my PC. I've downloaded different things on my PC within the last couple months. One thing that stood out was ExitLag: when I was downloading it, cmd opened up a couple times. Other than that, I just wanna make sure there's no viruses or malware on my PC. The "one month" option was enabled by default for the FRST64 scan, not sure if that matters.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-03-2021
Ran by Dohnovan (administrator) on DESKTOP-LBHF8BQ (Micro-Star International Co., Ltd MS-7A38) (17-03-2021 17:35:58)
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan
Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc. -> ) C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AUEPRyzenMasterAC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0361132.inf_amd64_1f7832db1fb1721f\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0361132.inf_amd64_1f7832db1fb1721f\B361196\atiesrxx.exe
(A-Volute -> ) C:\Program Files\SteelSeries\SS Audio\Foundation\SSAudioSvc32.exe
(A-Volute -> ) C:\Program Files\SteelSeries\SS Audio\Foundation\x64\SSAudioSvc64.exe
(Discord Inc. -> Discord Inc.) C:\Users\Dohnovan\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <27>
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> ) C:\Program Files (x86)\ExitLag\ExitLag.exe
(SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>
Failed to access process -> Wow.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2020-12-09] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [915848 2020-03-30] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514920 2021-02-17] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Discord] => C:\Users\Dohnovan\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [MicrosoftEdgeAutoLaunch_00A5886472D738EB72DDF8FA2142FB70] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514920 2021-02-17] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.21.77\Installer\chrmstp.exe [2021-03-16] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2021-03-04]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0637FEC9-06AC-449A-BF4E-E6BED95DCC3A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {08E5B611-4DA5-4724-BF5F-CEB73F9E0C7D} - System32\Tasks\SSAudioSvc64Run => C:\Program Files\Steelseries\SS Audio\Foundation\x64\SSAudioSvc64.exe [797088 2020-01-08] (A-Volute -> )
Task: {0928E190-F287-4F5C-B4C2-C91EBEF0A617} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {2056852B-7FD2-4A15-B3BB-A572538B873D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {2AFE60A3-3C00-4AF5-BFF5-8D96C9C8F860} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {3CC61B8F-270F-4917-8C77-21D41ED095BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3CDC5251-0B55-4A4A-9579-2488F886DFF1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {40A3F6A7-F257-4902-A390-7DCFD5A91E29} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C2698A0-2081-41C8-BED8-AC4ED59CE7D4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {505D63DD-6A8F-45D9-85F7-1EC3191CFFC0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {568E4EEF-5E99-4C66-B8E9-DA74BFF2DCA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {72272DFC-049E-46D5-8C98-9563407B5D9D} - System32\Tasks\SSAudioSvc32Run => C:\Program Files\Steelseries\SS Audio\Foundation\SSAudioSvc32.exe [1299872 2020-01-08] (A-Volute -> )
Task: {74179A8A-C0E8-414F-A534-60A61959BC6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7D175ED4-61FE-450C-9073-38242E442B00} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {7D484749-46DF-40A9-AF50-007BE595726C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {90BC0D96-AECB-403D-9A9C-3A89920BEF3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9FF808B4-FEF0-4422-BECB-E25DFD0F53E5} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {A51BF9E0-8AF7-4CB0-8349-B9473E451198} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B6928123-FBFA-4D0E-91EA-C81EB0C167C8} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BC2173B5-C39F-40B2-99E4-F41B28F26961} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BEAB7D25-06AE-4903-8869-D1451610EAE1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C79BF558-573A-4BB0-A5A6-A6C79E3FC83F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {E90C32A5-7EE5-42DC-97BD-B7CEDA264326} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1a8f5a04-83c8-490b-b4bc-64e8c2c6fd6d}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1cd6b0cf-5059-4ef2-9609-a8d02c0c81b4}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{3c01823b-a919-4197-a2ce-b7ef6cd5d03a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{57a5de9c-d2e2-48be-96b9-44b1389dcc84}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8f09853e-c450-47d3-b7bc-5aedbe848278}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{dad6bf82-733a-495c-84a7-154afa6ad446}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e0510115-42dc-46d8-842a-cc54eeda8aa9}: [DhcpNameServer] 10.0.1.1
 
Edge: 
=======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12]
Edge Extension: (AdGuard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-17]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-02-05]
Edge Extension: (AdGuard AdBlocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2020-12-24]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default [2021-03-17]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR Extension: (Slides) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-14]
CHR Extension: (Docs) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-14]
CHR Extension: (Google Drive) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-14]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Sheets) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-11]
CHR Extension: (MetaMask) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-14]
 
Brave: 
=======
BRA Profile: C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-02]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2020-12-27]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2020-12-27]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2020-12-27]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-09-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-01-02]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [125488 2020-05-26] (Perfect World Entertainment -> Perfect World Entertainment Inc)
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [61832 2020-11-13] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-04-17] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [810928 2021-02-26] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5136328 2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-28] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294440 2021-02-17] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533808 2021-01-29] (Razer USA Ltd. -> Razer Inc.)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [32912 2021-03-03] (SteelSeries ApS -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cpuz149; C:\Users\Dohnovan\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2021-03-15] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [429800 2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-15] (Malwarebytes Inc -> Malwarebytes)
R1 ndextlag; C:\WINDOWS\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [53656 2020-11-15] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_024e; C:\WINDOWS\System32\drivers\RzDev_024e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [135688 2016-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48848 2020-09-25] (SteelSeries ApS -> SteelSeries ApS)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-02-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-19] (Zemana Ltd. -> Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-17 17:35 - 2021-03-17 17:38 - 000024619 _____ C:\Users\Dohnovan\Desktop\FRST.txt
2021-03-17 15:39 - 2021-03-17 15:47 - 000000000 ____D C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install) - Copy
2021-03-17 15:24 - 2021-03-17 15:24 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Glitchy_Inc
2021-03-17 15:20 - 2021-03-17 15:20 - 000000000 ____D C:\Users\Dohnovan\Desktop\ModelSwapper
2021-03-17 14:56 - 2021-03-17 14:57 - 004573374 _____ C:\Users\Dohnovan\Downloads\T-morph.zip
2021-03-17 14:02 - 2021-03-17 14:02 - 000000000 ____D C:\Users\Dohnovan\Desktop\Bartender4
2021-03-17 13:53 - 2021-03-17 14:13 - 000000000 ____D C:\Users\Dohnovan\Desktop\AddOns
2021-03-17 13:52 - 2021-03-17 13:53 - 003521778 _____ C:\Users\Dohnovan\Downloads\AddOns.rar
2021-03-17 13:06 - 2021-03-17 13:06 - 000008741 _____ C:\Users\Dohnovan\Desktop\Weakauras imports.txt
2021-03-16 09:43 - 2021-03-16 09:43 - 002533420 _____ C:\Users\Dohnovan\Downloads\Order_Proposed Plea Agreement.pdf
2021-03-15 19:05 - 2021-03-15 19:05 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-15 19:05 - 2021-03-15 19:05 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-15 11:14 - 2021-03-15 11:15 - 006650778 _____ C:\Users\Dohnovan\Downloads\WeakAuras-WotLK-master.zip
2021-03-11 00:12 - 2021-03-11 00:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-11 00:11 - 2021-03-11 00:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-11 00:11 - 2021-03-11 00:11 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-11 00:11 - 2021-03-11 00:11 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-11 00:11 - 2021-03-11 00:11 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-11 00:11 - 2021-03-11 00:11 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-11 00:10 - 2021-03-11 00:10 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-11 00:10 - 2021-03-11 00:10 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-11 00:10 - 2021-03-11 00:10 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-11 00:10 - 2021-03-11 00:10 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-11 00:10 - 2021-03-11 00:10 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-09 11:44 - 2021-03-09 11:44 - 011726229 _____ C:\Users\Dohnovan\Desktop\2021-03-09_103532.pdf
2021-03-08 23:22 - 2021-03-08 23:22 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7223659E.sys
2021-03-08 12:03 - 2021-03-08 12:03 - 009214514 _____ C:\Users\Dohnovan\Desktop\2021-03-08_105557.pdf
2021-03-03 18:48 - 2021-03-03 18:48 - 000051385 _____ C:\Users\Dohnovan\Downloads\_NPCScan-3.3.5.5.zip
2021-03-01 22:07 - 2021-03-17 08:27 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\ExitLag
2021-03-01 22:07 - 2021-03-01 22:31 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\ExitLag
2021-03-01 21:55 - 2021-03-02 12:22 - 000000000 ____D C:\Program Files (x86)\ExitLag
2021-03-01 21:55 - 2021-03-01 21:55 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExitLag.lnk
2021-03-01 21:55 - 2021-03-01 21:55 - 000001067 _____ C:\ProgramData\Desktop\ExitLag.lnk
2021-03-01 21:55 - 2018-04-11 14:42 - 000048640 _____ (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME) C:\WINDOWS\system32\Drivers\ndextlag.sys
2021-03-01 21:54 - 2021-03-01 21:54 - 017616504 _____ (ExitLag ) C:\Users\Dohnovan\Downloads\SetupExitLag_v4952.exe
2021-03-01 21:52 - 2021-03-01 21:52 - 000000022 _____ C:\Users\Dohnovan\Desktop\exitlag.txt
2021-03-01 20:52 - 2021-03-08 23:19 - 000007598 _____ C:\Users\Dohnovan\AppData\Local\Resmon.ResmonCfg
2021-02-26 20:21 - 2021-02-26 20:21 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-02-26 19:04 - 2021-02-26 19:04 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert.lnk
2021-02-26 19:04 - 2021-02-26 19:04 - 000000875 _____ C:\ProgramData\Desktop\Black Desert.lnk
2021-02-26 19:04 - 2021-02-26 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert
2021-02-26 19:04 - 2021-02-26 19:04 - 000000000 ____D C:\Pearlabyss
2021-02-26 19:03 - 2021-02-26 19:03 - 030787048 _____ (PearlAbyss Corp. ) C:\Users\Dohnovan\Downloads\BlackDesert_Installer_NA.exe
2021-02-25 18:51 - 2021-02-25 18:51 - 000030948 _____ C:\Users\Dohnovan\Downloads\PreformAVEnabler2.5.zip
2021-02-23 20:06 - 2021-02-24 14:25 - 000000618 _____ C:\Users\Dohnovan\Desktop\Passwords.txt
2021-02-21 16:31 - 2021-02-21 16:31 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-21 16:31 - 2021-02-21 16:31 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-21 16:31 - 2021-02-21 16:30 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-21 16:31 - 2021-02-21 16:30 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-21 16:30 - 2021-02-21 16:30 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-21 16:29 - 2021-02-21 16:29 - 002084016 _____ (Malwarebytes) C:\Users\Dohnovan\Downloads\MBSetup.exe
2021-02-20 17:45 - 2021-02-20 17:45 - 000000026 _____ C:\Users\Dohnovan\Desktop\d&d message from orcs.txt
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-17 17:41 - 2020-12-09 20:01 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\discord
2021-03-17 17:40 - 2019-06-19 15:48 - 005756776 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-03-17 17:37 - 2019-06-19 20:30 - 000000000 ____D C:\FRST
2021-03-17 17:35 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-17 17:34 - 2019-06-19 20:29 - 002300928 _____ (Farbar) C:\Users\Dohnovan\Desktop\FRST64.exe
2021-03-17 15:52 - 2020-06-03 11:41 - 000000000 ____D C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)
2021-03-17 15:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-17 09:26 - 2020-06-18 15:49 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-17 09:26 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-17 08:26 - 2021-01-04 11:37 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\AMD_Common
2021-03-17 08:22 - 2020-12-20 10:43 - 000003132 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-03-17 08:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-16 21:05 - 2020-06-18 14:32 - 000000000 ____D C:\Users\Dohnovan
2021-03-16 20:50 - 2020-06-18 16:04 - 000004172 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{4C0E0C52-0BCF-4545-B5E0-AA2D9A8EA0A4}
2021-03-16 15:17 - 2020-06-18 15:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-16 08:18 - 2017-12-13 05:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-16 00:04 - 2020-09-19 15:59 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-03-16 00:04 - 2020-09-19 15:59 - 000002330 _____ C:\ProgramData\Desktop\Brave.lnk
2021-03-15 14:03 - 2018-01-14 11:42 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-15 14:03 - 2018-01-14 11:42 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-15 09:16 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-15 08:39 - 2020-06-13 10:56 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-15 08:39 - 2020-06-13 10:56 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-15 08:13 - 2020-06-18 16:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-15 08:13 - 2020-06-18 15:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-14 18:16 - 2020-06-18 16:04 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2108490749-413910539-1021375685-1003
2021-03-14 18:15 - 2020-06-18 14:32 - 000002379 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-14 18:15 - 2017-12-09 11:39 - 000000000 ___RD C:\Users\Dohnovan\OneDrive
2021-03-14 17:50 - 2020-06-18 16:04 - 000003824 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-03-14 17:50 - 2020-06-18 16:04 - 000003382 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-03-14 17:50 - 2019-06-20 10:43 - 000000808 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-03-14 12:05 - 2019-06-19 15:54 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-03-14 12:04 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-14 12:04 - 2017-04-11 10:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-14 12:00 - 2017-03-18 15:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-14 11:56 - 2017-12-09 15:53 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\steelseries-engine-3-client
2021-03-14 11:55 - 2018-04-14 10:45 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\CrashDumps
2021-03-13 22:34 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-13 22:34 - 2017-04-07 15:15 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-11 00:46 - 2020-06-18 15:39 - 000436016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-11 00:20 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-10 23:30 - 2017-12-09 11:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 23:25 - 2017-12-09 11:40 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-09 11:32 - 2017-12-09 19:50 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Packages
2021-03-09 11:27 - 2019-04-05 09:21 - 000000000 ____D C:\Users\Dohnovan\Desktop\mbar
2021-03-09 11:27 - 2019-04-05 09:21 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-03-03 21:52 - 2020-11-02 10:08 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA1d6b1325f7ebb04
2021-03-03 21:52 - 2020-11-02 10:07 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b1323b307d96
2021-03-02 18:27 - 2018-03-13 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-03-01 22:33 - 2020-09-21 18:28 - 000000680 _____ C:\Users\Dohnovan\Desktop\ESET Online Scanner.lnk
2021-03-01 16:28 - 2018-05-21 16:36 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\D3DSCache
2021-03-01 13:59 - 2017-12-08 22:06 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-26 22:10 - 2018-05-21 16:18 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\AMD
2021-02-26 20:21 - 2019-06-13 02:11 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\EasyAntiCheat
2021-02-26 19:05 - 2017-12-11 11:45 - 000000000 ____D C:\Users\Dohnovan\Documents\Black Desert
2021-02-24 14:16 - 2019-04-17 13:07 - 000000000 ____D C:\Users\Dohnovan\Desktop\Wotlk addons
2021-02-24 13:24 - 2020-11-29 18:56 - 000000000 ____D C:\Users\Dohnovan\Desktop\Genshin Impact
2021-02-23 13:55 - 2021-01-06 14:50 - 000000090 _____ C:\Users\Dohnovan\Desktop\black desert.txt
2021-02-21 18:50 - 2019-06-20 10:47 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe
2021-02-21 16:31 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-20 07:09 - 2020-11-20 01:36 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
 
==================== Files in the root of some directories ========
 
2017-12-18 14:43 - 2017-12-18 14:43 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2021-03-01 20:52 - 2021-03-08 23:19 - 000007598 _____ () C:\Users\Dohnovan\AppData\Local\Resmon.ResmonCfg
2019-12-02 20:28 - 2019-12-02 20:28 - 000000000 _____ () C:\Users\Dohnovan\AppData\Local\{2E790E1A-D8C4-4654-B4E8-3C78CC7E0B81}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by Dohnovan (17-03-2021 17:42:28)
Running from C:\Users\Dohnovan\Desktop
Windows 10 Home Version 2004 19041.867 (X64) (2020-06-18 22:05:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2108490749-413910539-1021375685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2108490749-413910539-1021375685-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2108490749-413910539-1021375685-1002 - Limited - Disabled)
Dohnovan (S-1-5-21-2108490749-413910539-1021375685-1003 - Administrator - Enabled) => C:\Users\Dohnovan
Guest (S-1-5-21-2108490749-413910539-1021375685-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2108490749-413910539-1021375685-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
APOInstallerMSISetup (HKLM\...\{5C4734F8-9AF3-4324-A36E-DC147853B2F5}) (Version: 1.2.1101 - Steelseries) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.1.0.17816 - Perfect World Entertainment)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{C9BA81B6-4A0F-454A-B331-81A45A57573E}) (Version: 1.2.1101 - Steelseries) Hidden
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
Black Desert (HKLM-x32\...\BlackDesert_NA_is1) (Version: 1.0 - PearlAbyss Corp.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.21.77 - Brave Software Inc)
Discord (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Discord) (Version: 0.0.309 - Discord Inc.)
ExitLag version 4 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4 - ExitLag)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.6.1.0 - miHoYo Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.8.889 - SurfRight B.V.)
Intel® Wireless Bluetooth® (HKLM-x32\...\{0E13241D-76B0-4A4C-9665-3969F55C08D5}) (Version: 19.40.1702.1091 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{263d87d0-9772-40be-ab36-eabbdbff49f7}) (Version: 21.20.1 - Intel Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20294 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.1.0 - Nexon)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Path of Building version 1.4.137 (HKLM-x32\...\{72FA9AB7-189F-4BDE-8856-72DEB90C157B}_is1) (Version: 1.4.137 - Openarl)
ProductDaemonSetup (HKLM\...\{C31282E4-C1A3-433C-A803-D9ED4A99DC8F}) (Version: 1.2.1101 - Steelseries) Hidden
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.21.1 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0228.021813 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SSAudio (HKLM-x32\...\{1c112a1f-1120-415d-85ab-7a3de5b0a9c2}) (Version: 1.2.1101 - Steelseries)
SSAudioDaemonMSISetup (HKLM\...\{CDEA766D-38C5-448B-8316-02D01C842E1E}) (Version: 1.2.1101 - Steelseries) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.19.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.19.2 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
The Witcher 3 Mod Manager (HKLM\...\{B8F09437-C8B5-4DFD-B655-C93E8C05A8DE}) (Version: 0.6.4 - stefan3372)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
 
Packages:
=========
9 zip -> C:\Program Files\WindowsApps\184MagikHub.9zip_3.3.75.0_x64__hvr7qkvwfhvx6 [2020-07-19] (Magik Hub) [MS Ad]
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12] (eyeo GmbH)
AdGuard AdBlocker -> C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11] (Performix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.2.36.0_x86__kgqvnymyfvs32 [2021-02-18] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-03] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.8.13.0_x86__h6adky7gbf63m [2021-03-15] (Gameloft SE)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.40.4001.0_x86__ytsefhwckbdv6 [2021-03-03] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-03-03] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.4.2.1_x86__h6adky7gbf63m [2021-03-15] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-27] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21005.0_x64__8wekyb3d8bbwe [2021-03-10] (Microsoft Studios)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-05] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-12-09] (Plex)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-12-27] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-07-27 15:14 - 2020-07-27 15:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2020-11-13 15:48 - 2020-11-13 15:48 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2021-03-01 21:55 - 2020-10-02 12:28 - 002180096 _____ (Google Inc.) [File not signed] C:\Program Files (x86)\ExitLag\libprotobuf.dll
2019-12-23 10:49 - 2019-12-23 10:49 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\HIDDLL.dll
2019-12-23 10:49 - 2019-12-23 10:49 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\ISPDLL.dll
2021-03-01 21:55 - 2020-10-02 12:26 - 000104960 _____ (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME) [File not signed] C:\Program Files (x86)\ExitLag\ndisapi.dll
2021-03-01 21:55 - 2019-09-17 14:14 - 002153472 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\ExitLag\libcrypto-1_1.dll
2021-03-01 21:55 - 2019-09-17 14:14 - 000499712 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\ExitLag\libssl-1_1.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000058880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-11-13 16:00 - 2020-11-13 16:00 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 15:03 - 2020-12-29 17:04 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\Dohnovan\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
Network Binding:
=============
Wi-Fi: ExitLag Game Booster -> nt_ndextlag (enabled) 
Local Area Connection: ExitLag Game Booster -> nt_ndextlag (enabled) 
Ethernet 2: ExitLag Game Booster -> nt_ndextlag (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "OPENVPN-GUI"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F0412D97-2B69-47C9-BBFB-2ED8469D7CE2}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{54B9FF3F-545D-4E04-86D8-EA8F5621F500}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [UDP Query User{A0E149A6-970C-44C4-AFFC-02FC91A4CB96}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [TCP Query User{C8177E75-DFAB-46C2-B950-CE420F73D664}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{1A19CF1E-D116-42F0-B9A7-384643F19007}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsGOTYEnhanced\Binaries\Win64\Launcher.exe (Gearbox Software) [File not signed]
FirewallRules: [{EB032B57-B507-45D3-A36B-2EB7427FE64F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsGOTYEnhanced\Binaries\Win64\Launcher.exe (Gearbox Software) [File not signed]
FirewallRules: [{8B20679D-6B13-4526-A9F9-DA769BDB75F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{6194837C-5728-41B2-9102-A3C8FA70A4DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{E246DB11-0299-4E9E-BAF1-F9600C9E1E87}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F01FBF58-567C-4C2D-9E09-69501E7126D0}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{0C6F481E-F930-4C76-AE5C-202166C80AE3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{3A8F03ED-1DF4-4EFC-AB24-470F3D8E2A04}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A73A6A68-3D6E-4ACB-BB1C-69891D2BC2E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D98FA1A5-1463-4F80-B944-62DCFE82B0DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{21FC1428-1EFB-47FF-BF78-DB5B1945382E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A8E5B1A0-6D7D-4D9C-96E1-B72039726CC2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3D351B8C-C55C-4E63-8639-18CAD54C17A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{F51AAC48-DBDB-4C61-8F51-A45DA1FA8EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{778DC5E1-C574-45F8-B392-C78E46DEBF4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [{9D6CABF9-DFDA-4F3C-9AC8-6092BAA007E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [{8D6BD339-6DB0-4B01-B064-950E1CB534FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{D37551E3-AE21-495A-90C1-0CE6907D3259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{47CDB22F-7783-4CED-BF1C-D9ACDD81E0D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{7F676C03-41AA-4617-AA13-BC0B88A05086}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{F2E459D0-8C52-44F9-B805-AFDA263B500D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{AE0EC883-ECC1-4257-9241-1C9586835901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{2C813A9F-F998-4D44-8B34-6963CF481A47}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{355EBCE9-2330-4B92-8E46-C7C76C402DA4}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{4F7CACBF-BBB5-428E-B6EE-D1163044D084}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{31B319D4-01B2-48FE-81A7-51110CE771B7}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{732F52FA-463B-4228-8163-A5EC1E0B8C73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{50E286A9-EC43-4A42-82B3-B541B6893C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{1F8ED8C6-7BC4-4A9D-A0C4-CB325EFD5D6B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{E1E9BDFC-BB39-4D5E-B9CC-F37AA903F734}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{C00B9E7C-48C9-403C-A6C7-EF0F869BEEC6}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [TCP Query User{A233F08F-5982-4711-85E2-A5AB6B2413D6}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{67787C8A-6E03-4C10-A39A-B801F1DA8CC1}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [{10E915F4-B060-41ED-9099-5EF5FEDC51B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{A1107BB9-D07D-4538-921E-DD81D2AEECB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [TCP Query User{1CCF9CB6-5616-4D68-9F54-857142823256}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{1E7F3146-2404-4722-94C4-BF984C21F99B}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [{B9560637-801F-41CE-A17C-F3FDC19C0A25}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3962E0D-CDF1-4C1F-8433-70CA4D2E8E5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{9C079169-4035-4C47-9C96-D876628FC9B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{BE5EC272-EEEF-4A15-B949-0B4AA4DF9A49}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EA284918-D546-44FC-90DB-F67C0A01F451}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F99F2C57-33C0-4429-8589-6EA1F26FE6B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{90608AD6-5A3D-4F73-BB7B-228D13F18FB6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2DDA88AE-D073-4B3F-B7A0-7B4FD068EBE8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E619D90D-C5F3-40ED-8654-29CC2D7D08FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{304858AA-A688-487C-A602-D1C56977B327}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{3C8259D2-1A91-44B8-8DFA-BBD1A4168051}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{FE4ABDBA-043A-4FAD-9F87-06E0960521B1}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
 
==================== Restore Points =========================
 
28-02-2021 22:14:21 Scheduled Checkpoint
10-03-2021 22:27:10 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/17/2021 10:56:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3344
 
Start Time: 01d71b3ea7e4e14c
 
Termination Time: 14
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
 
Report Id: 517579c0-5d33-4065-a21f-536687a2f104
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (03/17/2021 08:22:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GameBar.exe version 5.521.2012.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 17a8
 
Start Time: 01d71b37985c2a74
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
 
Report Id: 3c724c15-e40e-4164-9683-9f155a7eff1a
 
Faulting package full name: Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Navigation
 
Error: (03/16/2021 03:56:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 243c
 
Start Time: 01d71aab5104b321
 
Termination Time: 10
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
 
Report Id: 63b60fc6-6c72-4f02-a04b-398c8bb2a644
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (03/15/2021 11:26:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2d9c
 
Start Time: 01d719c02926a01d
 
Termination Time: 9
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
 
Report Id: 27dffeda-7556-4464-a889-0f4e8d5fd537
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (03/15/2021 09:32:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: bf8
 
Start Time: 01d719b034dacbc4
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: 2d269dc0-94c9-4cb2-9f6f-afc326825b03
 
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: CortanaUI
 
Hang type: Activation
 
Error: (03/15/2021 09:29:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 398c
 
Start Time: 01d719afbc55b003
 
Termination Time: 12
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
 
Report Id: 49c4af0e-9d16-4b96-8a4c-a26b1454cd8b
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (03/15/2021 09:26:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 23bc
 
Start Time: 01d719abbb44fc0c
 
Termination Time: 48
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
 
Report Id: 61f1a132-0c03-46e7-83e6-6dfe58c20a09
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (03/14/2021 11:55:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlackDesert64.exe, version: 0.0.0.0, time stamp: 0x6049a1a4
Faulting module name: BlackDesert64.exe, version: 0.0.0.0, time stamp: 0x6049a1a4
Exception code: 0xc0000005
Fault offset: 0x00000000017ffb64
Faulting process id: 0x112c
Faulting application start time: 0x01d718f7b4a82dcf
Faulting application path: C:\Pearlabyss\BlackDesert\bin64\BlackDesert64.exe
Faulting module path: C:\Pearlabyss\BlackDesert\bin64\BlackDesert64.exe
Report Id: c02edaef-139e-42ad-9ee4-33c4c951e46f
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/16/2021 09:06:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Razer Synapse Service service.
 
Error: (03/16/2021 09:05:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-LBHF8BQ)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
 
Error: (03/15/2021 08:13:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error: 
A device attached to the system is not functioning.
 
Error: (03/15/2021 08:13:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:25:09 AM on ‎3/‎15/‎2021 was unexpected.
 
Error: (03/14/2021 06:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (03/14/2021 06:03:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
Error: (03/14/2021 06:03:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (03/14/2021 06:03:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
================
Date: 2021-03-17 15:48:55
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-14 10:46:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-13 21:15:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-12 09:18:35
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-10 12:49:53
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-06 08:27:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.331.2515.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2021-03-06 08:27:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.331.2515.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2021-03-06 08:27:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.331.2515.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2021-03-06 08:25:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.331.2350.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x80070643
Error description: Fatal error during installation. 
 
CodeIntegrity:
===============
Date: 2020-12-31 15:28:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-31 04:40:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.51 05/02/2017
Motherboard: Micro-Star International Co., Ltd B350M BAZOOKA (MS-7A38)
Processor: AMD Ryzen 5 1400 Quad-Core Processor 
Percentage of memory in use: 80%
Total physical RAM: 8144.69 MB
Available physical RAM: 1554.68 MB
Total Virtual: 17360.69 MB
Available Virtual: 5053.55 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:122.08 GB) NTFS
 
\\?\Volume{34b487b2-1f24-455b-888b-88fe24145180}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{7c6e70a3-6b38-47db-a32a-880393128539}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA58450)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, Eldon123.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
 
====================================
 
Here are my comments/instructions regarding your logs:
 
 
1. Antivirus software remnants
 
There are remnant signs of antivirus software which is not now installed in your computer.
 
Spybot - Search and Destroy
Bitdefender Antivirus Free Antimalware
 
To remove them,
 
Download the 64-bit AV Remover by Eset and save it on your Desktop.
Follow the instructions here to remove the above programs.
 
If nothing is found, please

  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
Bitdefender Antivirus Free Antimalware
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Bitdefender Antivirus Free Antimalware items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

Repeat the above procedure for Spybot - Search and Destroy.
 
If Revo doesn't find anything, please report back.
 
 
2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL =
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => No File
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "BitTorrent"
FirewallRules: [{E1E9BDFC-BB39-4D5E-B9CC-F37AA903F734}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{C00B9E7C-48C9-403C-A6C7-EF0F869BEEC6}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [TCP Query User{A233F08F-5982-4711-85E2-A5AB6B2413D6}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{67787C8A-6E03-4C10-A39A-B801F1DA8CC1}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [TCP Query User{1CCF9CB6-5616-4D68-9F54-857142823256}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{1E7F3146-2404-4722-94C4-BF984C21F99B}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-19] (Zemana Ltd. -> Zemana Ltd.)
C:\WINDOWS\system32\hmpshell.dll
C:\Users\Dohnovan\AppData\Roaming\BitTorrent
C:\WINDOWS\System32\drivers\zamguard64.sys
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

3. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

4. Run Malwarebytes (Scan mode)

  • Open Malwarebytes you have already installed in your computer.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options ARE CHECKED.
    Under the title Windows Security Center (Premium only) the option is NOT CHECKED.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report
  • What happened when you tried to uninstall Spybot and BitDefender


#3
Eldon123

    Member

  • Topic Starter
  • Member
  • 23 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by Dohnovan (18-03-2021 16:41:20) Run:2
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL =
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => No File
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "BitTorrent"
FirewallRules: [{E1E9BDFC-BB39-4D5E-B9CC-F37AA903F734}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{C00B9E7C-48C9-403C-A6C7-EF0F869BEEC6}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [TCP Query User{A233F08F-5982-4711-85E2-A5AB6B2413D6}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{67787C8A-6E03-4C10-A39A-B801F1DA8CC1}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [TCP Query User{1CCF9CB6-5616-4D68-9F54-857142823256}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{1E7F3146-2404-4722-94C4-BF984C21F99B}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-19] (Zemana Ltd. -> Zemana Ltd.)
C:\WINDOWS\system32\hmpshell.dll
C:\Users\Dohnovan\AppData\Roaming\BitTorrent
C:\WINDOWS\System32\drivers\zamguard64.sys
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFAEECB9-2C31-4635-BFCD-485BAEABDD31} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F} => removed successfully
"HKU\S-1-5-21-2108490749-413910539-1021375685-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BitTorrent" => removed successfully
"HKU\S-1-5-21-2108490749-413910539-1021375685-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BitTorrent" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1E9BDFC-BB39-4D5E-B9CC-F37AA903F734}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C00B9E7C-48C9-403C-A6C7-EF0F869BEEC6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A233F08F-5982-4711-85E2-A5AB6B2413D6}C:\users\dohnovan\desktop\tauri launcher\launcher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{67787C8A-6E03-4C10-A39A-B801F1DA8CC1}C:\users\dohnovan\desktop\tauri launcher\launcher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1CCF9CB6-5616-4D68-9F54-857142823256}C:\users\dohnovan\desktop\tauri launcher\launcher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1E7F3146-2404-4722-94C4-BF984C21F99B}C:\users\dohnovan\desktop\tauri launcher\launcher.exe" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin => removed successfully
ZAM_Guard => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\ZAM_Guard => removed successfully
ZAM_Guard => service removed successfully
C:\WINDOWS\system32\hmpshell.dll => moved successfully
C:\Users\Dohnovan\AppData\Roaming\BitTorrent => moved successfully
C:\WINDOWS\System32\drivers\zamguard64.sys => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 191566111 B
Java, Flash, Steam htmlcache => 394502716 B
Windows/system/drivers => 37394697 B
Edge => 52142 B
Chrome => 525130608 B
Brave => 9522498 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 100932 B
NetworkService => 6396826 B
Dohnovan => 366832694 B
 
RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:48:13 ====
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2019-12-17.1 (Local)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-18-2021
# Duration: 00:02:13
# OS:       Windows 10 Home
# Scanned:  35232
# Detected: 3
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
PUP.Optional.Legacy             C:\END
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.SafePCKit          HKCU\Software\Sunisoft
PUP.Optional.SafePCKit          HKLM\Software\Wow6432Node\Sunisoft
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
AdwCleaner[S00].txt - [1739 octets] - [20/06/2019 21:37:29]
AdwCleaner[C00].txt - [1793 octets] - [20/06/2019 21:38:14]
AdwCleaner[S01].txt - [1397 octets] - [21/06/2019 02:31:34]
AdwCleaner[C01].txt - [1563 octets] - [21/06/2019 02:31:59]
AdwCleaner[S02].txt - [1494 octets] - [21/06/2019 12:53:32]
AdwCleaner[S03].txt - [1555 octets] - [01/07/2019 20:12:05]
AdwCleaner[S04].txt - [2129 octets] - [17/07/2019 10:45:06]
AdwCleaner[C04].txt - [2259 octets] - [17/07/2019 10:47:07]
AdwCleaner[S05].txt - [1814 octets] - [18/12/2019 20:27:19]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/18/21
Scan Time: 5:05 PM
Log File: 7dfdcf2e-883e-11eb-8774-309c233d71bf.json
 
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1217
Update Package Version: 1.0.38353
License: Free
 
-System Information-
OS: Windows 10 (Build 19041.867)
CPU: x64
File System: NTFS
User: DESKTOP-LBHF8BQ\Dohnovan
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 293811
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 15 min, 23 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
When I tried to uninstall Spybot/Bitdefender it didn't work, the first program didn't show anything that could be removed, and the second one didn't show either of them in the list.


#4
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, Eldon123.
 
Thank you for the logs.
 
Malwarebytes didn't detect anything malicious, but AdwCleaner did. Let's clean.
 
1. AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it (No preinstalled software was found in your machine, so you will go over these steps).
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The fixlog.txt
  • The fresh logs, FRST.txt and Addition.txt
  • Any question/concern/issue regarding this computer


#5
Eldon123

    Member

  • Topic Starter
  • Member
  • 23 posts
# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-03-09.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-19-2021
# Duration: 00:01:07
# OS:       Windows 10 Home
# Scanned:  3778
# Detected: 3
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
PUP.Optional.Legacy             C:\END
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.SafePCKit          HKCU\Software\Sunisoft
PUP.Optional.SafePCKit          HKLM\Software\Wow6432Node\Sunisoft
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
AdwCleaner[S00].txt - [1739 octets] - [20/06/2019 21:37:29]
AdwCleaner[C00].txt - [1793 octets] - [20/06/2019 21:38:14]
AdwCleaner[S01].txt - [1397 octets] - [21/06/2019 02:31:34]
AdwCleaner[C01].txt - [1563 octets] - [21/06/2019 02:31:59]
AdwCleaner[S02].txt - [1494 octets] - [21/06/2019 12:53:32]
AdwCleaner[S03].txt - [1555 octets] - [01/07/2019 20:12:05]
AdwCleaner[S04].txt - [2129 octets] - [17/07/2019 10:45:06]
AdwCleaner[C04].txt - [2259 octets] - [17/07/2019 10:47:07]
AdwCleaner[S05].txt - [1814 octets] - [18/12/2019 20:27:19]
AdwCleaner[S06].txt - [1974 octets] - [18/03/2021 17:04:20]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S07].txt ##########
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by Dohnovan (19-03-2021 09:36:05) Run:3
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}" => removed successfully
"AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12703758 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 934959 B
Edge => 0 B
Chrome => 53310298 B
Brave => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1874 B
Dohnovan => 22053712 B
 
RecycleBin => 1086 B
EmptyTemp: => 95.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:37:37 ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-03-2021
Ran by Dohnovan (administrator) on DESKTOP-LBHF8BQ (Micro-Star International Co., Ltd MS-7A38) (19-03-2021 10:20:08)
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan
Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc. -> ) C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AUEPRyzenMasterAC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0361132.inf_amd64_1f7832db1fb1721f\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0361132.inf_amd64_1f7832db1fb1721f\B361196\atiesrxx.exe
(A-Volute -> ) C:\Program Files\SteelSeries\SS Audio\Foundation\SSAudioSvc32.exe
(A-Volute -> ) C:\Program Files\SteelSeries\SS Audio\Foundation\x64\SSAudioSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2020-12-09] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [915848 2020-03-30] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514920 2021-02-17] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Discord] => C:\Users\Dohnovan\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [MicrosoftEdgeAutoLaunch_00A5886472D738EB72DDF8FA2142FB70] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514920 2021-02-17] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.21.77\Installer\chrmstp.exe [2021-03-16] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2021-03-04]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0637FEC9-06AC-449A-BF4E-E6BED95DCC3A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {08E5B611-4DA5-4724-BF5F-CEB73F9E0C7D} - System32\Tasks\SSAudioSvc64Run => C:\Program Files\Steelseries\SS Audio\Foundation\x64\SSAudioSvc64.exe [797088 2020-01-08] (A-Volute -> )
Task: {0928E190-F287-4F5C-B4C2-C91EBEF0A617} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {2056852B-7FD2-4A15-B3BB-A572538B873D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {2AFE60A3-3C00-4AF5-BFF5-8D96C9C8F860} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {3CC61B8F-270F-4917-8C77-21D41ED095BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3CDC5251-0B55-4A4A-9579-2488F886DFF1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {40A3F6A7-F257-4902-A390-7DCFD5A91E29} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C2698A0-2081-41C8-BED8-AC4ED59CE7D4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {505D63DD-6A8F-45D9-85F7-1EC3191CFFC0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {568E4EEF-5E99-4C66-B8E9-DA74BFF2DCA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {72272DFC-049E-46D5-8C98-9563407B5D9D} - System32\Tasks\SSAudioSvc32Run => C:\Program Files\Steelseries\SS Audio\Foundation\SSAudioSvc32.exe [1299872 2020-01-08] (A-Volute -> )
Task: {74179A8A-C0E8-414F-A534-60A61959BC6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B64D355-B42F-4735-81C4-5348B2D80A94} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7D175ED4-61FE-450C-9073-38242E442B00} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {7D484749-46DF-40A9-AF50-007BE595726C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {90BC0D96-AECB-403D-9A9C-3A89920BEF3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9FF808B4-FEF0-4422-BECB-E25DFD0F53E5} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {B6928123-FBFA-4D0E-91EA-C81EB0C167C8} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BC2173B5-C39F-40B2-99E4-F41B28F26961} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BEAB7D25-06AE-4903-8869-D1451610EAE1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C79BF558-573A-4BB0-A5A6-A6C79E3FC83F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {E90C32A5-7EE5-42DC-97BD-B7CEDA264326} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1a8f5a04-83c8-490b-b4bc-64e8c2c6fd6d}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1cd6b0cf-5059-4ef2-9609-a8d02c0c81b4}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{3c01823b-a919-4197-a2ce-b7ef6cd5d03a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{57a5de9c-d2e2-48be-96b9-44b1389dcc84}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8f09853e-c450-47d3-b7bc-5aedbe848278}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{dad6bf82-733a-495c-84a7-154afa6ad446}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e0510115-42dc-46d8-842a-cc54eeda8aa9}: [DhcpNameServer] 10.0.1.1
 
Edge: 
=======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12]
Edge Extension: (AdGuard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-19]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-02-05]
Edge Extension: (AdGuard AdBlocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2020-12-24]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default [2021-03-19]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR Extension: (Slides) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-14]
CHR Extension: (Docs) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-14]
CHR Extension: (Google Drive) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-14]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Sheets) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-11]
CHR Extension: (MetaMask) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-14]
 
Brave: 
=======
BRA Profile: C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-03-18]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2020-12-27]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2020-12-27]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2020-12-27]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-09-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-01-02]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [125488 2020-05-26] (Perfect World Entertainment -> Perfect World Entertainment Inc)
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [61832 2020-11-13] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-04-17] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [810928 2021-02-26] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5136328 2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-28] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294440 2021-02-17] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533808 2021-01-29] (Razer USA Ltd. -> Razer Inc.)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [32912 2021-03-03] (SteelSeries ApS -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 cpuz149; C:\Users\Dohnovan\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2021-03-18] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [429800 2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-15] (Malwarebytes Inc -> Malwarebytes)
R1 ndextlag; C:\WINDOWS\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [53656 2020-11-15] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_024e; C:\WINDOWS\System32\drivers\RzDev_024e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [135688 2016-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48848 2020-09-25] (SteelSeries ApS -> SteelSeries ApS)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-02-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-19 09:27 - 2021-03-19 09:27 - 008463216 _____ (Malwarebytes) C:\Users\Dohnovan\Desktop\adwcleaner_8.1.exe
2021-03-19 09:23 - 2021-03-19 09:23 - 002831016 _____ C:\Users\Dohnovan\Downloads\2021-03-19_091715.pdf
2021-03-19 09:19 - 2021-03-19 09:19 - 002831016 _____ C:\Users\Dohnovan\Desktop\2021-03-19_091715.pdf
2021-03-18 17:26 - 2021-03-18 17:26 - 000001233 _____ C:\Users\Dohnovan\Desktop\malwarebytes.txt
2021-03-18 16:59 - 2021-03-18 16:59 - 000001351 _____ C:\Users\Dohnovan\Desktop\RevoUnin.exe - Shortcut.lnk
2021-03-18 16:41 - 2021-03-19 09:37 - 000001585 _____ C:\Users\Dohnovan\Desktop\Fixlog.txt
2021-03-18 16:27 - 2021-03-18 16:27 - 000000000 ____D C:\Users\Dohnovan\Desktop\VS Revo Group
2021-03-18 16:27 - 2021-03-18 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-03-18 16:25 - 2021-03-18 16:26 - 007461704 _____ (VS Revo Group ) C:\Users\Dohnovan\Desktop\revosetup.exe
2021-03-18 16:21 - 2021-03-18 16:21 - 012792104 _____ (ESET) C:\Users\Dohnovan\Desktop\avremover_nt64_enu.exe
2021-03-18 10:39 - 2021-03-18 10:39 - 002533420 _____ C:\Users\Dohnovan\Downloads\Order_Proposed Plea Agreement (1).pdf
2021-03-18 10:39 - 2021-03-18 10:39 - 000230620 _____ C:\Users\Dohnovan\Downloads\Mail-in app for ACJC - updated 06.21.2019 (1).pdf
2021-03-18 10:29 - 2021-03-18 10:29 - 000230620 _____ C:\Users\Dohnovan\Downloads\Mail-in app for ACJC - updated 06.21.2019.pdf
2021-03-18 10:12 - 2021-03-18 10:12 - 000165275 _____ C:\Users\Dohnovan\Downloads\Motion for Declaration of Indigency and Waiver of Fines.pdf
2021-03-17 18:14 - 2021-03-17 18:14 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4751D52E.sys
2021-03-17 17:42 - 2021-03-17 17:47 - 000051350 _____ C:\Users\Dohnovan\Desktop\Addition.txt
2021-03-17 17:35 - 2021-03-19 10:22 - 000023925 _____ C:\Users\Dohnovan\Desktop\FRST.txt
2021-03-17 15:39 - 2021-03-17 15:47 - 000000000 ____D C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install) - Copy
2021-03-17 15:24 - 2021-03-17 15:24 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Glitchy_Inc
2021-03-17 15:20 - 2021-03-17 15:20 - 000000000 ____D C:\Users\Dohnovan\Desktop\ModelSwapper
2021-03-17 14:56 - 2021-03-17 14:57 - 004573374 _____ C:\Users\Dohnovan\Downloads\T-morph.zip
2021-03-17 14:02 - 2021-03-17 14:02 - 000000000 ____D C:\Users\Dohnovan\Desktop\Bartender4
2021-03-17 13:53 - 2021-03-17 14:13 - 000000000 ____D C:\Users\Dohnovan\Desktop\AddOns
2021-03-17 13:52 - 2021-03-17 13:53 - 003521778 _____ C:\Users\Dohnovan\Downloads\AddOns.rar
2021-03-17 13:06 - 2021-03-17 13:06 - 000008741 _____ C:\Users\Dohnovan\Desktop\Weakauras imports.txt
2021-03-16 09:43 - 2021-03-16 09:43 - 002533420 _____ C:\Users\Dohnovan\Downloads\Order_Proposed Plea Agreement.pdf
2021-03-15 19:05 - 2021-03-15 19:05 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-15 11:14 - 2021-03-15 11:15 - 006650778 _____ C:\Users\Dohnovan\Downloads\WeakAuras-WotLK-master.zip
2021-03-11 00:12 - 2021-03-11 00:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-11 00:11 - 2021-03-11 00:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-11 00:11 - 2021-03-11 00:11 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-11 00:11 - 2021-03-11 00:11 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-11 00:11 - 2021-03-11 00:11 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-11 00:11 - 2021-03-11 00:11 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-11 00:10 - 2021-03-11 00:10 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-11 00:10 - 2021-03-11 00:10 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-11 00:10 - 2021-03-11 00:10 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-11 00:10 - 2021-03-11 00:10 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-11 00:10 - 2021-03-11 00:10 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-08 23:22 - 2021-03-08 23:22 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7223659E.sys
2021-03-03 18:48 - 2021-03-03 18:48 - 000051385 _____ C:\Users\Dohnovan\Downloads\_NPCScan-3.3.5.5.zip
2021-03-01 22:07 - 2021-03-18 19:43 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\ExitLag
2021-03-01 22:07 - 2021-03-01 22:31 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\ExitLag
2021-03-01 21:55 - 2021-03-02 12:22 - 000000000 ____D C:\Program Files (x86)\ExitLag
2021-03-01 21:55 - 2021-03-01 21:55 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExitLag.lnk
2021-03-01 21:55 - 2021-03-01 21:55 - 000001067 _____ C:\ProgramData\Desktop\ExitLag.lnk
2021-03-01 21:55 - 2018-04-11 14:42 - 000048640 _____ (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME) C:\WINDOWS\system32\Drivers\ndextlag.sys
2021-03-01 21:54 - 2021-03-01 21:54 - 017616504 _____ (ExitLag ) C:\Users\Dohnovan\Downloads\SetupExitLag_v4952.exe
2021-03-01 21:52 - 2021-03-01 21:52 - 000000022 _____ C:\Users\Dohnovan\Desktop\exitlag.txt
2021-03-01 20:52 - 2021-03-08 23:19 - 000007598 _____ C:\Users\Dohnovan\AppData\Local\Resmon.ResmonCfg
2021-02-26 20:21 - 2021-02-26 20:21 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-02-26 19:04 - 2021-02-26 19:04 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert.lnk
2021-02-26 19:04 - 2021-02-26 19:04 - 000000875 _____ C:\ProgramData\Desktop\Black Desert.lnk
2021-02-26 19:04 - 2021-02-26 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert
2021-02-26 19:04 - 2021-02-26 19:04 - 000000000 ____D C:\Pearlabyss
2021-02-26 19:03 - 2021-02-26 19:03 - 030787048 _____ (PearlAbyss Corp. ) C:\Users\Dohnovan\Downloads\BlackDesert_Installer_NA.exe
2021-02-25 18:51 - 2021-02-25 18:51 - 000030948 _____ C:\Users\Dohnovan\Downloads\PreformAVEnabler2.5.zip
2021-02-23 20:06 - 2021-02-24 14:25 - 000000618 _____ C:\Users\Dohnovan\Desktop\Passwords.txt
2021-02-21 16:31 - 2021-02-21 16:31 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-21 16:31 - 2021-02-21 16:31 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-21 16:31 - 2021-02-21 16:30 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-21 16:31 - 2021-02-21 16:30 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-21 16:30 - 2021-02-21 16:30 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-21 16:29 - 2021-02-21 16:29 - 002084016 _____ (Malwarebytes) C:\Users\Dohnovan\Downloads\MBSetup.exe
2021-02-20 17:45 - 2021-02-20 17:45 - 000000026 _____ C:\Users\Dohnovan\Desktop\d&d message from orcs.txt
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-19 10:21 - 2019-06-19 20:30 - 000000000 ____D C:\FRST
2021-03-19 10:14 - 2020-12-20 10:43 - 000003132 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-03-19 10:14 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-19 10:13 - 2020-06-18 15:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-19 09:39 - 2020-06-18 16:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-19 09:39 - 2020-06-18 15:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-19 09:39 - 2019-06-19 15:54 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-03-19 09:38 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-19 09:38 - 2017-04-11 10:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-19 09:32 - 2020-12-09 20:01 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\discord
2021-03-18 19:46 - 2021-01-04 11:37 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\AMD_Common
2021-03-18 18:55 - 2020-06-18 15:49 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-18 18:55 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-18 17:23 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-18 17:23 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-18 16:43 - 2019-06-19 15:48 - 008875324 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-03-18 16:27 - 2020-06-18 16:04 - 000004172 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{4C0E0C52-0BCF-4545-B5E0-AA2D9A8EA0A4}
2021-03-17 19:08 - 2019-04-05 09:21 - 000000000 ____D C:\Users\Dohnovan\Desktop\mbar
2021-03-17 19:08 - 2019-04-05 09:21 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-03-17 17:34 - 2019-06-19 20:29 - 002300928 _____ (Farbar) C:\Users\Dohnovan\Desktop\FRST64.exe
2021-03-17 15:52 - 2020-06-03 11:41 - 000000000 ____D C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)
2021-03-17 08:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-16 21:05 - 2020-06-18 14:32 - 000000000 ____D C:\Users\Dohnovan
2021-03-16 08:18 - 2017-12-13 05:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-16 00:04 - 2020-09-19 15:59 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-03-16 00:04 - 2020-09-19 15:59 - 000002330 _____ C:\ProgramData\Desktop\Brave.lnk
2021-03-15 14:03 - 2018-01-14 11:42 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-15 14:03 - 2018-01-14 11:42 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-15 08:39 - 2020-06-13 10:56 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-15 08:39 - 2020-06-13 10:56 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-14 18:16 - 2020-06-18 16:04 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2108490749-413910539-1021375685-1003
2021-03-14 18:15 - 2020-06-18 14:32 - 000002379 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-14 18:15 - 2017-12-09 11:39 - 000000000 ___RD C:\Users\Dohnovan\OneDrive
2021-03-14 17:50 - 2020-06-18 16:04 - 000003824 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-03-14 17:50 - 2020-06-18 16:04 - 000003382 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-03-14 17:50 - 2019-06-20 10:43 - 000000808 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-03-14 12:00 - 2017-03-18 15:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-14 11:56 - 2017-12-09 15:53 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\steelseries-engine-3-client
2021-03-14 11:55 - 2018-04-14 10:45 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\CrashDumps
2021-03-13 22:34 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-13 22:34 - 2017-04-07 15:15 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-11 00:46 - 2020-06-18 15:39 - 000436016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-11 00:20 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-10 23:30 - 2017-12-09 11:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 23:25 - 2017-12-09 11:40 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-09 11:32 - 2017-12-09 19:50 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Packages
2021-03-03 21:52 - 2020-11-02 10:08 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA1d6b1325f7ebb04
2021-03-03 21:52 - 2020-11-02 10:07 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b1323b307d96
2021-03-02 18:27 - 2018-03-13 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-03-01 22:33 - 2020-09-21 18:28 - 000000680 _____ C:\Users\Dohnovan\Desktop\ESET Online Scanner.lnk
2021-03-01 16:28 - 2018-05-21 16:36 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\D3DSCache
2021-03-01 13:59 - 2017-12-08 22:06 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-26 22:10 - 2018-05-21 16:18 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\AMD
2021-02-26 20:21 - 2019-06-13 02:11 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\EasyAntiCheat
2021-02-26 19:05 - 2017-12-11 11:45 - 000000000 ____D C:\Users\Dohnovan\Documents\Black Desert
2021-02-24 14:16 - 2019-04-17 13:07 - 000000000 ____D C:\Users\Dohnovan\Desktop\Wotlk addons
2021-02-24 13:24 - 2020-11-29 18:56 - 000000000 ____D C:\Users\Dohnovan\Desktop\Genshin Impact
2021-02-23 13:55 - 2021-01-06 14:50 - 000000090 _____ C:\Users\Dohnovan\Desktop\black desert.txt
2021-02-21 18:50 - 2019-06-20 10:47 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe
2021-02-21 16:31 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-20 07:09 - 2020-11-20 01:36 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
 
==================== Files in the root of some directories ========
 
2017-12-18 14:43 - 2017-12-18 14:43 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2021-03-01 20:52 - 2021-03-08 23:19 - 000007598 _____ () C:\Users\Dohnovan\AppData\Local\Resmon.ResmonCfg
2019-12-02 20:28 - 2019-12-02 20:28 - 000000000 _____ () C:\Users\Dohnovan\AppData\Local\{2E790E1A-D8C4-4654-B4E8-3C78CC7E0B81}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by Dohnovan (19-03-2021 10:24:05)
Running from C:\Users\Dohnovan\Desktop
Windows 10 Home Version 2004 19041.867 (X64) (2020-06-18 22:05:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2108490749-413910539-1021375685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2108490749-413910539-1021375685-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2108490749-413910539-1021375685-1002 - Limited - Disabled)
Dohnovan (S-1-5-21-2108490749-413910539-1021375685-1003 - Administrator - Enabled) => C:\Users\Dohnovan
Guest (S-1-5-21-2108490749-413910539-1021375685-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2108490749-413910539-1021375685-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
APOInstallerMSISetup (HKLM\...\{5C4734F8-9AF3-4324-A36E-DC147853B2F5}) (Version: 1.2.1101 - Steelseries) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.1.0.17816 - Perfect World Entertainment)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{C9BA81B6-4A0F-454A-B331-81A45A57573E}) (Version: 1.2.1101 - Steelseries) Hidden
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
Black Desert (HKLM-x32\...\BlackDesert_NA_is1) (Version: 1.0 - PearlAbyss Corp.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.21.77 - Brave Software Inc)
Discord (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Discord) (Version: 0.0.309 - Discord Inc.)
ExitLag version 4 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4 - ExitLag)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.6.1.0 - miHoYo Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.8.889 - SurfRight B.V.)
Intel® Wireless Bluetooth® (HKLM-x32\...\{0E13241D-76B0-4A4C-9665-3969F55C08D5}) (Version: 19.40.1702.1091 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{263d87d0-9772-40be-ab36-eabbdbff49f7}) (Version: 21.20.1 - Intel Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20294 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.57 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.1.0 - Nexon)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Path of Building version 1.4.137 (HKLM-x32\...\{72FA9AB7-189F-4BDE-8856-72DEB90C157B}_is1) (Version: 1.4.137 - Openarl)
ProductDaemonSetup (HKLM\...\{C31282E4-C1A3-433C-A803-D9ED4A99DC8F}) (Version: 1.2.1101 - Steelseries) Hidden
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.21.1 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0228.021813 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Revo Uninstaller 2.2.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.2 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SSAudio (HKLM-x32\...\{1c112a1f-1120-415d-85ab-7a3de5b0a9c2}) (Version: 1.2.1101 - Steelseries)
SSAudioDaemonMSISetup (HKLM\...\{CDEA766D-38C5-448B-8316-02D01C842E1E}) (Version: 1.2.1101 - Steelseries) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.19.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.19.2 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
The Witcher 3 Mod Manager (HKLM\...\{B8F09437-C8B5-4DFD-B655-C93E8C05A8DE}) (Version: 0.6.4 - stefan3372)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
 
Packages:
=========
9 zip -> C:\Program Files\WindowsApps\184MagikHub.9zip_3.3.75.0_x64__hvr7qkvwfhvx6 [2020-07-19] (Magik Hub) [MS Ad]
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12] (eyeo GmbH)
AdGuard AdBlocker -> C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11] (Performix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.2.36.0_x86__kgqvnymyfvs32 [2021-02-18] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-03] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.8.14.0_x86__h6adky7gbf63m [2021-03-17] (Gameloft SE)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.40.4001.0_x86__ytsefhwckbdv6 [2021-03-03] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-03-03] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.4.2.1_x86__h6adky7gbf63m [2021-03-15] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-27] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21005.0_x64__8wekyb3d8bbwe [2021-03-10] (Microsoft Studios)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-05] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-12-09] (Plex)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-12-27] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-07-27 15:14 - 2020-07-27 15:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2020-11-13 15:48 - 2020-11-13 15:48 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2019-12-23 10:49 - 2019-12-23 10:49 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\HIDDLL.dll
2019-12-23 10:49 - 2019-12-23 10:49 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\ISPDLL.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-11-13 16:00 - 2020-11-13 16:00 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 15:03 - 2020-12-29 17:04 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\Dohnovan\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
Network Binding:
=============
Wi-Fi: ExitLag Game Booster -> nt_ndextlag (enabled) 
Local Area Connection: ExitLag Game Booster -> nt_ndextlag (enabled) 
Ethernet 2: ExitLag Game Booster -> nt_ndextlag (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "OPENVPN-GUI"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F0412D97-2B69-47C9-BBFB-2ED8469D7CE2}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{54B9FF3F-545D-4E04-86D8-EA8F5621F500}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [UDP Query User{A0E149A6-970C-44C4-AFFC-02FC91A4CB96}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [TCP Query User{C8177E75-DFAB-46C2-B950-CE420F73D664}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{1A19CF1E-D116-42F0-B9A7-384643F19007}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsGOTYEnhanced\Binaries\Win64\Launcher.exe (Gearbox Software) [File not signed]
FirewallRules: [{EB032B57-B507-45D3-A36B-2EB7427FE64F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsGOTYEnhanced\Binaries\Win64\Launcher.exe (Gearbox Software) [File not signed]
FirewallRules: [{8B20679D-6B13-4526-A9F9-DA769BDB75F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{6194837C-5728-41B2-9102-A3C8FA70A4DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{E246DB11-0299-4E9E-BAF1-F9600C9E1E87}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F01FBF58-567C-4C2D-9E09-69501E7126D0}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{0C6F481E-F930-4C76-AE5C-202166C80AE3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{3A8F03ED-1DF4-4EFC-AB24-470F3D8E2A04}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A73A6A68-3D6E-4ACB-BB1C-69891D2BC2E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D98FA1A5-1463-4F80-B944-62DCFE82B0DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{21FC1428-1EFB-47FF-BF78-DB5B1945382E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A8E5B1A0-6D7D-4D9C-96E1-B72039726CC2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3D351B8C-C55C-4E63-8639-18CAD54C17A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{F51AAC48-DBDB-4C61-8F51-A45DA1FA8EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{778DC5E1-C574-45F8-B392-C78E46DEBF4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [{9D6CABF9-DFDA-4F3C-9AC8-6092BAA007E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [{8D6BD339-6DB0-4B01-B064-950E1CB534FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{D37551E3-AE21-495A-90C1-0CE6907D3259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{47CDB22F-7783-4CED-BF1C-D9ACDD81E0D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{7F676C03-41AA-4617-AA13-BC0B88A05086}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{F2E459D0-8C52-44F9-B805-AFDA263B500D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{AE0EC883-ECC1-4257-9241-1C9586835901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{2C813A9F-F998-4D44-8B34-6963CF481A47}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{355EBCE9-2330-4B92-8E46-C7C76C402DA4}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{4F7CACBF-BBB5-428E-B6EE-D1163044D084}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{31B319D4-01B2-48FE-81A7-51110CE771B7}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{732F52FA-463B-4228-8163-A5EC1E0B8C73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{50E286A9-EC43-4A42-82B3-B541B6893C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{1F8ED8C6-7BC4-4A9D-A0C4-CB325EFD5D6B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{10E915F4-B060-41ED-9099-5EF5FEDC51B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{A1107BB9-D07D-4538-921E-DD81D2AEECB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{B9560637-801F-41CE-A17C-F3FDC19C0A25}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3962E0D-CDF1-4C1F-8433-70CA4D2E8E5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{9C079169-4035-4C47-9C96-D876628FC9B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{BE5EC272-EEEF-4A15-B949-0B4AA4DF9A49}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EA284918-D546-44FC-90DB-F67C0A01F451}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F99F2C57-33C0-4429-8589-6EA1F26FE6B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{90608AD6-5A3D-4F73-BB7B-228D13F18FB6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E619D90D-C5F3-40ED-8654-29CC2D7D08FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{304858AA-A688-487C-A602-D1C56977B327}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{66A4EE9A-99C0-4783-87EC-D3CC93480DFB}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{A680F369-26D4-4CA5-A694-AD1D7F441BBF}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{D4FC71AD-FB54-4534-8DA3-4483980F4A4B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.57\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
28-02-2021 22:14:21 Scheduled Checkpoint
10-03-2021 22:27:10 Scheduled Checkpoint
18-03-2021 17:47:02 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/19/2021 09:37:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (03/19/2021 09:36:07 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6e41de72-bee4-4262-a408-4601d314afd3}
 
Error: (03/18/2021 04:44:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (03/18/2021 04:41:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b93979ab-5747-456d-a2a4-19420f64fb88}
 
Error: (03/17/2021 10:56:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3344
 
Start Time: 01d71b3ea7e4e14c
 
Termination Time: 14
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
 
Report Id: 517579c0-5d33-4065-a21f-536687a2f104
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (03/17/2021 08:22:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GameBar.exe version 5.521.2012.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 17a8
 
Start Time: 01d71b37985c2a74
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
 
Report Id: 3c724c15-e40e-4164-9683-9f155a7eff1a
 
Faulting package full name: Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Navigation
 
Error: (03/16/2021 03:56:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 243c
 
Start Time: 01d71aab5104b321
 
Termination Time: 10
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
 
Report Id: 63b60fc6-6c72-4f02-a04b-398c8bb2a644
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (03/15/2021 11:26:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2d9c
 
Start Time: 01d719c02926a01d
 
Termination Time: 9
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
 
Report Id: 27dffeda-7556-4464-a889-0f4e8d5fd537
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
 
System errors:
=============
Error: (03/19/2021 09:38:13 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll
 
Error: (03/19/2021 09:38:13 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll
 
Error: (03/19/2021 09:38:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll
 
Error: (03/19/2021 09:37:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (03/19/2021 09:37:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/19/2021 09:37:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/19/2021 09:32:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Chroma SDK Server service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/19/2021 09:32:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
================
Date: 2021-03-19 08:52:40
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-18 10:20:56
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-17 15:48:55
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-14 10:46:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-13 21:15:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-06 08:27:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.331.2515.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2021-03-06 08:27:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.331.2515.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2021-03-06 08:27:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.331.2515.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2021-03-06 08:25:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.331.2350.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x80070643
Error description: Fatal error during installation. 
 
CodeIntegrity:
===============
Date: 2020-12-31 15:28:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-31 04:40:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.51 05/02/2017
Motherboard: Micro-Star International Co., Ltd B350M BAZOOKA (MS-7A38)
Processor: AMD Ryzen 5 1400 Quad-Core Processor 
Percentage of memory in use: 60%
Total physical RAM: 8144.69 MB
Available physical RAM: 3193.96 MB
Total Virtual: 17872.69 MB
Available Virtual: 9265.34 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:117.92 GB) NTFS
 
\\?\Volume{34b487b2-1f24-455b-888b-88fe24145180}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{7c6e70a3-6b38-47db-a32a-880393128539}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA58450)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, Eldon123.

 

This time I wanted you to run AdwCleaner in clean mode. We need to send to Quarantine the items detected. After that, I want the AdwCleaner[C0*].txt, not the AdwCleaner[S0*].txt.

 

And... I will need fresh FRST logs after cleaning with AdwCleaner.

 

Here are the instructions for everything: http://www.geekstogo...d/#entry2657518

 

Please attach the fresh logs instead of pasting them here. It's easier for me to review them.

  • Choose the More reply option
  • Browse under the title Attach Files below the reply area
  • Find the logs, one by one, and choose Attach this file

  • 0

#7
Eldon123

    Member

  • Topic Starter
  • Member
  • 23 posts

So, I may have given you the wrong log from AdwCleaner yesterday. I did what you told me to do with the program, though. I just rescanned and nothing came up with AdwCleaner. Here's the log I think you wanted, though.

Attached Files


  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, Eldon123.
 
Your computer is clean now.
 

1. FRST fix

 

This is to remove some minor things:

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {9FF808B4-FEF0-4422-BECB-E25DFD0F53E5} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C79BF558-573A-4BB0-A5A6-A6C79E3FC83F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
C:\Program Files (x86)\Common Files\wruninstall.exe
C:\Users\Dohnovan\AppData\Local\{2E790E1A-D8C4-4654-B4E8-3C78CC7E0B81}
C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Check Windows Defender

 

Let's check if Windows Defender is working fine.

  • Go to Settings by pressing the Windows logo key on the keyboard and the letter i at the same time.
  • Choose Update & Security.
  • From the menu at the left choose Windows Security.
  • Click on Open Windows Security.
  • Please take a screenshot of the new window that will open.

(Here is an article about taking screenshots, in case you need it. Use Method 2.)

 

 

3. Feedback

 

How is the computer running now? Please report any remaining issue/question/concern.

 

 

In your next reply please post:

  1. The fixlog.txt
  2. The screenshot regarding Windows Defender
  3. Your feedback about how the computer is running now

  • 0

#9
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, Eldon123.

 

Are you still with me?


  • 0

#10
Eldon123

    Member

  • Topic Starter
  • Member
  • 23 posts
Thanks a bunch for the help.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
Ran by Dohnovan (22-03-2021 08:25:59) Run:4
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {9FF808B4-FEF0-4422-BECB-E25DFD0F53E5} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C79BF558-573A-4BB0-A5A6-A6C79E3FC83F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
C:\Program Files (x86)\Common Files\wruninstall.exe
C:\Users\Dohnovan\AppData\Local\{2E790E1A-D8C4-4654-B4E8-3C78CC7E0B81}
C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FF808B4-FEF0-4422-BECB-E25DFD0F53E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FF808B4-FEF0-4422-BECB-E25DFD0F53E5}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C79BF558-573A-4BB0-A5A6-A6C79E3FC83F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C79BF558-573A-4BB0-A5A6-A6C79E3FC83F}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
C:\Program Files (x86)\Common Files\wruninstall.exe => moved successfully
C:\Users\Dohnovan\AppData\Local\{2E790E1A-D8C4-4654-B4E8-3C78CC7E0B81} => moved successfully
C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11731146 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 20466673 B
Edge => 0 B
Chrome => 435432441 B
Brave => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9884 B
Dohnovan => 54329293 B
 
RecycleBin => 8284948 B
EmptyTemp: => 516.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:28:42 ====

Attached Thumbnails

  • Capture.PNG

Edited by Eldon123, 22 March 2021 - 08:56 AM.

  • 0
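The Fixlog in the post above pairs each fixlist entry with one or more result lines. As an added example (not part of the thread and not FRST's own code), this Python script checks that pairing so an entry with no result, or with a result other than "successfully", stands out. The log layout it assumes is inferred only from the Fixlog shown in this thread; the sample log, its paths, its GUID and the "not found" outcome are constructed.

```python
import re

# Constructed sample in the layout of the Fixlog posted in this thread.
# Paths, GUID and the "not found" outcome are placeholders, not real values.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 00-00-0000
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Example Task => C:\Users\Example\Downloads\example.exe [123 2021-01-01] (Example -> Example)
C:\Users\Example\Downloads\example.exe
C:\Users\Example\AppData\Local\leftover
EmptyTemp:

*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-2222-3333-4444-555555555555}" => removed successfully
C:\WINDOWS\System32\Tasks\Example Task => moved successfully
C:\Users\Example\Downloads\example.exe => moved successfully
C:\Users\Example\AppData\Local\leftover => not found

=========== EmptyTemp: ==========
"""

SEPARATOR = re.compile(r"^\*{5,}\s*$")          # lines of asterisks around the fixlist
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def split_fixlog(text):
    """Return (fixlist_entries, [(target, outcome), ...]) from a fixlog's text."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if SEPARATOR.match(ln)]
    if len(marks) < 2:
        raise ValueError("fixlist block not found")
    entries = [ln.strip() for ln in lines[marks[0] + 1:marks[1]] if ln.strip()]
    results = []
    for ln in lines[marks[1] + 1:]:
        if ln.startswith("====="):  # EmptyTemp section and footer follow
            break
        m = RESULT.match(ln.strip())
        if m:
            results.append((m.group("target"), m.group("outcome")))
    return entries, results


def audit_fixlog(text):
    """Map each actionable fixlist entry to 'ok', 'review' or 'missing'."""
    entries, results = split_fixlog(text)
    report = {}
    for entry in entries:
        if entry.startswith("Task:"):
            # A task produces several result lines; match them by its GUID.
            guid = GUID.search(entry)
            key = guid.group(0).lower() if guid else None
            hits = [o for t, o in results if key and key in t.lower()]
        elif DRIVE_PATH.match(entry):
            hits = [o for t, o in results if t.lower() == entry.lower()]
        else:
            continue  # directives such as CreateRestorePoint: have no target line
        if not hits:
            report[entry] = "missing"
        elif all(o.endswith("successfully") for o in hits):
            report[entry] = "ok"
        else:
            report[entry] = "review"
    return report


if __name__ == "__main__":
    for entry, status in audit_fixlog(SAMPLE_FIXLOG).items():
        print(f"{status:8} {entry}")
```
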


#11
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Thanks. :)

 

Everything seems fine in the logs.

 

Any remaining issues?


  • 0

#12
Eldon123

    Member

  • Topic Starter
  • Member
  • 23 posts

Not as far as I know. Thank you so much for the help, I hope you have a wonderful rest of your week!


  • 0

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Since there are no concerns, let's get into the home straight. :)

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

 

==============================

Here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

 

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled.


If you have any questions or concerns please don't hesitate to ask!

I'm glad I was able to help you.

 


  • 0

#14
Eldon123

    Member

  • Topic Starter
  • Member
  • 23 posts

When I tried downloading the tool from that website, Google blocked it saying it was malware or something. I went to Security Garden and read what it said, and I downloaded SpywareBlaster and SUPERAntiSpyware from the link the website provided. Thanks for the resource.


Edited by Eldon123, 24 March 2021 - 10:09 AM.

  • 0

#15
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

when I tried downloading the tool from that website google blocked it saying it was malware or something.

 
Hi, Eldon123.
 
No, certainly not malware. It's a false-positive detection. Please allow it to run. If you are not sure about what is blocking it, take a screenshot of the warning and attach it here for me to check.
 

I went to security garden and read what it said, I downloaded spywareblaster, and SUPERantispyware from the link the website provided. I also tried clicking the link there for a program that would tell me when theres software updates but it gave me a 404 message in another tab. Thanks for the resource.

 

Since you already have Malwarebytes, SuperAntispyware is not needed. If you want to have it for a second opinion, keep it.

 

Spywareblaster is fine.

 

I don't get an error regarding the third-party software updates. There is a mention of UCheck, which can be found here: https://www.adlice.com/ucheck/


  • 0





