My pc has been hacked bank details and all passwords compromised


#1 justrealdays

Downloaded a file, about 3 KB; thought nothing of it at the time. I was trying to get lower latency with Fortnite, and that looks like the root cause of this. I ended up looking at the video, and the site he was using was legit, so I thought nothing of the link in the description, and now that seems to me to be the problem. I've removed a trojan with Malwarebytes but don't think this hacker is removed. There were absolutely no ads running during this; if I hadn't checked my email or bank account, I'd never have known this was happening.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by user (administrator) on DESKTOP-GVK767G (Gigabyte Technology Co., Ltd. H55M-S2) (17-04-2021 21:40:21)
Running from C:\Users\user\Downloads
Loaded Profiles: user
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Discord Inc. -> Discord Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <25>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\user\Downloads\adwcleaner_8.2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <22>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\NVDisplay.Container.exe <2>
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\PMRunner32.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\PMRunner64.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [267072 2021-03-31] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33001952 2021-04-15] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\MountPoints2: {9695aa92-be75-11ea-9695-1c6f652af113} - "E:\INSTALL_ADB_RNDIS.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2021-04-15]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A74C039-8403-41F8-874C-6C6F9A03BC73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-02] (Google LLC -> Google LLC)
Task: {188A896A-401C-462A-AB69-ECF1EC039584} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1A7EDFFC-D927-46E8-8E2E-0D21CBD26435} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {2579714B-F0D2-4FEB-AF4B-A10E907019D7} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2EB5E1EB-78EA-4FC6-88DC-03CCB4023724} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2F7E3303-ED07-4ABE-9251-FD9237A719FA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {351AC97A-DD0F-4EE5-BDE3-3160F12D5770} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {42BA974D-FC85-4A00-B07F-6E4EB90BE4AF} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [791608 2021-03-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {482C75F2-2CDC-47FD-83BF-AE0707DCE50F} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49121EEC-867C-4699-86D8-FFA7FC49762C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-02] (Google LLC -> Google LLC)
Task: {66B7D89D-3AD9-46F5-9DB5-C8C886B6A869} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7E5FB3D9-664B-409F-9F7D-8504AD9C7CF5} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {86A43753-08CB-440F-A7F0-A56F715BC865} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A12C45CE-F309-40E7-B8EF-5689E8F34F39} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {C00B2138-EA6E-4CC7-9E26-D815CBABE4BE} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {C221789C-2842-4F38-9DFB-E95307DB403C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5f57691d-a2a2-432b-a00a-c5aa4bcb1be3}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c66ec531-5194-48ff-89cd-b03621ca0040}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-17]
Edge Extension: (Outlook) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-03-23]
Edge Extension: (Word) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-03-23]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-17]
Edge Extension: (Excel) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-03-23]
Edge Extension: (PowerPoint) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-03-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-04-17]
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-02]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-02]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-02]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-02]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-02]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-02]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-03-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-03-23] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [409456 2021-03-30] (NVIDIA Corporation -> NVIDIA)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-17] (Malwarebytes Inc -> Malwarebytes)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-03-22] (Razer USA Ltd. -> Razer Inc)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1332632 2021-03-30] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533808 2021-01-29] (Razer USA Ltd. -> Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [291320 2021-03-31] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BLKWGDv8x64; C:\WINDOWS\System32\drivers\BLKWGDv8x64.sys [386344 2006-11-17] (Realtek Semiconductor Corp -> Belkin)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 EasyAntiCheatSys; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys [2382784 2021-04-17] (EasyAntiCheat Oy -> EasyAntiCheat Oy)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-17] (Malwarebytes Inc -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-17] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-17] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-17] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-17] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-04-17] (Malwarebytes Inc -> Malwarebytes)
S3 tap0901cn; C:\WINDOWS\System32\drivers\tap0901cn.sys [47448 2020-07-09] (Connectify (Connectify, Inc.) -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
U4 napagent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-17 21:40 - 2021-04-17 21:41 - 000018379 _____ C:\Users\user\Downloads\FRST.txt
2021-04-17 21:37 - 2021-04-17 21:41 - 000000000 ____D C:\FRST
2021-04-17 21:36 - 2021-04-17 21:36 - 002298368 _____ (Farbar) C:\Users\user\Desktop\FRST64 (2).exe
2021-04-17 21:35 - 2021-04-17 21:35 - 002297856 _____ (Farbar) C:\Users\user\Downloads\Unconfirmed 416802.crdownload
2021-04-17 21:34 - 2021-04-17 21:34 - 002297856 _____ (Farbar) C:\Users\user\Downloads\Unconfirmed 268696.crdownload
2021-04-17 21:21 - 2021-04-17 21:21 - 000000000 ____D C:\AdwCleaner
2021-04-17 21:20 - 2021-04-17 21:20 - 002078632 _____ (Malwarebytes) C:\Users\user\Downloads\MBSetup (1).exe
2021-04-17 21:12 - 2021-04-17 21:12 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-17 21:12 - 2021-04-17 21:12 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-17 21:12 - 2021-04-17 21:12 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-17 21:09 - 2021-04-17 21:09 - 008534696 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_8.2.exe
2021-04-17 21:05 - 2021-04-17 21:05 - 000000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2021-04-17 21:04 - 2021-04-17 21:04 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-17 21:04 - 2021-04-17 21:04 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-17 21:04 - 2021-04-17 21:04 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-17 21:04 - 2021-04-17 21:04 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-04-17 21:04 - 2021-04-17 21:04 - 000002029 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-17 21:04 - 2021-04-17 21:04 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2021-04-17 21:04 - 2021-04-17 21:03 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-17 21:04 - 2021-04-17 21:03 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-17 21:03 - 2021-04-17 21:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-17 21:02 - 2021-04-17 21:02 - 000003140 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-04-17 21:02 - 2021-04-17 21:02 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-17 21:01 - 2021-04-17 21:01 - 002078632 _____ (Malwarebytes) C:\Users\user\Downloads\MBSetup.exe
2021-04-15 20:59 - 2021-04-15 20:59 - 000001877 _____ C:\Users\user\Desktop\FirstBackup.spg
2021-04-15 20:55 - 2021-04-15 20:55 - 000684032 _____ (Speed Guide Inc.) C:\Users\user\Desktop\TCPOptimizer.exe
2021-04-15 20:44 - 2021-04-15 20:46 - 000000000 ____D C:\Users\user\AppData\Local\WinZip
2021-04-15 20:44 - 2021-04-15 20:44 - 000003658 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2021-04-15 20:44 - 2021-04-15 20:44 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2021-04-15 20:44 - 2021-04-15 20:44 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2021-04-15 20:44 - 2021-04-15 20:44 - 000002087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2021-04-15 20:44 - 2021-04-15 20:44 - 000001987 _____ C:\Users\Public\Desktop\WinZip.lnk
2021-04-15 20:44 - 2021-04-15 20:44 - 000001987 _____ C:\ProgramData\Desktop\WinZip.lnk
2021-04-15 20:44 - 2021-04-15 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2021-04-15 20:43 - 2021-04-15 20:44 - 000000000 ____D C:\ProgramData\WinZip
2021-04-15 20:43 - 2021-04-15 20:44 - 000000000 ____D C:\Program Files\WinZip
2021-04-15 20:42 - 2021-04-15 20:42 - 000000000 ____D C:\ProgramData\UniqueId
2021-04-15 20:41 - 2021-04-15 20:41 - 000977320 _____ (WinZip Computing) C:\Users\user\Downloads\winzip25.exe
2021-04-15 20:04 - 2021-04-15 20:04 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-04-15 19:46 - 2021-04-13 08:23 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-15 19:46 - 2021-04-13 08:23 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-15 19:46 - 2021-04-13 08:23 - 001452320 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-15 19:46 - 2021-04-13 08:23 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-15 19:46 - 2021-04-13 08:23 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-15 19:46 - 2021-04-13 08:23 - 001191712 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-15 19:46 - 2021-04-13 08:23 - 001094888 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-15 19:46 - 2021-04-13 08:23 - 001094888 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-15 19:46 - 2021-04-13 08:23 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-15 19:46 - 2021-04-13 08:23 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-15 19:46 - 2021-04-13 08:20 - 000715568 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-15 19:46 - 2021-04-13 08:20 - 000675120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-15 19:46 - 2021-04-13 08:20 - 000626976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-04-15 19:46 - 2021-04-13 08:20 - 000575776 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-15 19:46 - 2021-04-13 08:19 - 002106136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-04-15 19:46 - 2021-04-13 08:19 - 001590560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-15 19:46 - 2021-04-13 08:19 - 001514800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-15 19:46 - 2021-04-13 08:19 - 001166112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-15 19:46 - 2021-04-13 08:19 - 000811800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-04-15 19:46 - 2021-04-13 08:19 - 000689952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-04-15 19:46 - 2021-04-13 08:19 - 000656152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-04-15 19:46 - 2021-04-13 08:19 - 000564000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-15 19:46 - 2021-04-13 08:18 - 008317232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-15 19:46 - 2021-04-13 08:18 - 007434032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-15 19:46 - 2021-04-13 08:18 - 004795184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-15 19:46 - 2021-04-13 08:18 - 002823472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-15 19:46 - 2021-04-13 08:18 - 000445728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-04-15 19:46 - 2021-04-13 08:16 - 000848664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-04-15 19:46 - 2021-04-13 08:15 - 007212232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-04-15 19:46 - 2021-04-13 08:15 - 006159160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-04-15 19:46 - 2021-04-13 01:03 - 000087164 _____ C:\WINDOWS\system32\nvinfo.pb
2021-04-15 19:31 - 2021-04-15 19:31 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:31 - 2021-04-15 19:31 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:31 - 2021-04-15 19:31 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:31 - 2021-04-15 19:31 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:31 - 2021-04-15 19:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:31 - 2021-04-15 19:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:31 - 2021-04-15 19:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:31 - 2021-04-15 19:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:31 - 2021-04-07 12:38 - 002817904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-04-15 19:31 - 2021-04-07 12:38 - 002171760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-04-15 19:30 - 2021-04-15 19:30 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:30 - 2021-04-15 19:30 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 19:30 - 2020-08-14 08:59 - 000043416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2021-04-14 13:39 - 2021-04-14 13:39 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-14 13:38 - 2021-04-14 13:38 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 13:38 - 2021-04-14 13:38 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-12 13:27 - 2021-04-12 13:27 - 000001258 _____ C:\Users\user\Desktop\Epic Games Launcher.lnk
2021-04-12 04:28 - 2021-04-12 04:28 - 000002243 _____ C:\Users\user\Desktop\Grand Theft Auto V.lnk
2021-04-10 18:56 - 2021-04-10 18:56 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2021-04-10 18:55 - 2021-04-12 13:35 - 000000000 ____D C:\Users\user\AppData\Local\Rockstar Games
2021-04-10 18:55 - 2021-04-12 13:34 - 000000000 ____D C:\Users\user\Documents\Rockstar Games
2021-04-10 18:54 - 2021-04-12 04:28 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2021-04-10 18:54 - 2021-04-10 18:54 - 000001077 _____ C:\Users\user\Desktop\Rockstar Games Launcher.lnk
2021-04-10 18:54 - 2021-04-10 18:54 - 000000000 ____D C:\ProgramData\Rockstar Games
2021-04-10 18:52 - 2021-04-10 19:00 - 000000000 ____D C:\Program Files\Rockstar Games
2021-04-10 18:50 - 2021-04-10 18:51 - 086659672 _____ (Rockstar Games.) C:\Users\user\Downloads\Rockstar-Games-Launcher.exe
2021-04-10 18:44 - 2021-04-17 20:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-10 18:44 - 2021-04-10 18:51 - 000901292 _____ C:\WINDOWS\Minidump\041021-37843-01.dmp
2021-04-10 18:44 - 2021-04-10 18:51 - 000000000 ____D C:\WINDOWS\Minidump
2021-04-07 01:34 - 2021-04-07 01:34 - 000000000 ____D C:\Users\user\AppData\Local\OneDrive
2021-04-06 20:33 - 2021-04-06 20:33 - 000022448 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_33682050951968.dll
2021-04-05 21:39 - 2021-04-05 21:39 - 000022448 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_67879798286477.dll
2021-04-05 04:14 - 2021-04-17 21:24 - 000000000 ____D C:\Users\user\AppData\Roaming\discord
2021-04-05 04:14 - 2021-04-05 04:14 - 000002222 _____ C:\Users\user\Desktop\Discord.lnk
2021-04-05 04:14 - 2021-04-05 04:14 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-04-05 04:14 - 2021-04-05 04:14 - 000000000 ____D C:\Users\user\AppData\Local\SquirrelTemp
2021-04-05 04:14 - 2021-04-05 04:14 - 000000000 ____D C:\Users\user\AppData\Local\Discord
2021-04-05 04:13 - 2021-04-05 04:14 - 068822328 _____ (Discord Inc.) C:\Users\user\Downloads\DiscordSetup.exe
2021-04-05 01:30 - 2021-04-05 01:30 - 000000000 ____D C:\Users\user\AppData\Local\DBG
2021-04-05 01:30 - 2021-04-05 01:30 - 000000000 ____D C:\Users\user\AppData\Local\CrashReportClient
2021-04-04 00:14 - 2021-04-04 00:14 - 000000000 ____D C:\Users\user\Downloads\FN S6 Adamx Optimization
2021-04-04 00:05 - 2021-04-04 00:05 - 001184994 _____ C:\Users\user\Downloads\FN S6 Adamx Optimization.zip
2021-04-03 12:13 - 2021-04-15 21:50 - 000007603 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2021-04-02 13:14 - 2021-04-02 13:14 - 000000000 ____D C:\Users\user\AppData\Local\Razer
2021-04-02 13:13 - 2021-04-08 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2021-04-02 13:13 - 2021-04-02 13:13 - 000001244 _____ C:\Users\user\Desktop\Razer Cortex.lnk
2021-04-02 13:10 - 2021-04-02 13:13 - 000000000 ____D C:\Program Files (x86)\Razer
2021-04-02 13:07 - 2021-04-02 13:13 - 000000000 ____D C:\ProgramData\Razer
2021-04-02 12:55 - 2021-04-02 12:55 - 006611216 _____ (Razer Inc.) C:\Users\user\Downloads\RazerCortexInstaller.exe
2021-04-02 12:43 - 2021-04-02 12:43 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk
2021-04-02 12:43 - 2021-04-02 12:43 - 000001032 _____ C:\Users\Public\Desktop\TechPowerUp GPU-Z.lnk
2021-04-02 12:43 - 2021-04-02 12:43 - 000001032 _____ C:\ProgramData\Desktop\TechPowerUp GPU-Z.lnk
2021-04-02 12:43 - 2021-04-02 12:43 - 000000000 ____D C:\Users\user\AppData\Roaming\NVIDIA
2021-04-02 12:43 - 2021-04-02 12:43 - 000000000 ____D C:\Program Files (x86)\GPU-Z
2021-04-02 12:36 - 2021-04-02 12:36 - 007391632 _____ (TechPowerUp (www.techpowerup.com)) C:\Users\user\Downloads\GPU-Z.2.38.0.exe
2021-04-02 12:28 - 2021-04-08 09:34 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-04-02 12:28 - 2021-04-02 12:28 - 000001155 _____ C:\Users\user\Desktop\MSI Afterburner.lnk
2021-04-02 12:28 - 2021-04-02 12:28 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2021-04-02 12:26 - 2021-04-02 12:26 - 000000000 ____D C:\Users\user\Downloads\MSIAfterburnerSetup
2021-04-02 12:20 - 2021-04-17 21:00 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-04-02 12:20 - 2021-04-02 12:21 - 054164237 _____ C:\Users\user\Downloads\MSIAfterburnerSetup.zip
2021-04-02 12:15 - 2021-04-02 12:15 - 000000000 ____D C:\WINDOWS\system32\lxss
2021-04-02 12:10 - 2021-03-26 00:34 - 000038640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-04-02 11:36 - 2021-04-15 19:31 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-04-02 11:36 - 2021-04-15 19:31 - 000001443 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2021-04-02 11:36 - 2021-04-07 12:38 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-04-02 11:36 - 2021-04-02 11:36 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA
2021-04-02 11:36 - 2021-04-02 11:36 - 000000000 ____D C:\Users\user\ansel
2021-04-02 11:36 - 2021-04-02 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-04-02 11:36 - 2021-03-30 11:57 - 000074608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-04-02 11:36 - 2021-03-30 11:57 - 000064880 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-04-02 11:35 - 2021-04-15 19:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-02 11:35 - 2021-03-03 21:49 - 000168304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2021-04-02 11:35 - 2021-03-03 21:49 - 000144240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2021-04-02 11:35 - 2020-09-29 00:59 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2021-04-02 11:33 - 2020-03-11 20:26 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2021-04-02 11:33 - 2020-03-06 11:03 - 000069840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2021-04-02 11:24 - 2021-04-02 11:26 - 127203936 _____ (NVIDIA Corporation New) C:\Users\user\Downloads\GeForce_Experience_v3.21.0.36.exe
2021-04-02 11:15 - 2021-04-05 00:20 - 000000000 ____D C:\Users\user\Documents\Sound recordings
2021-04-02 11:05 - 2021-04-15 01:09 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-02 11:05 - 2021-04-02 11:05 - 000000000 ____D C:\Program Files\Google
2021-04-02 11:03 - 2021-04-02 11:08 - 000000000 ____D C:\Users\user\AppData\Local\Google
2021-04-02 11:03 - 2021-04-02 11:03 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-02 11:03 - 2021-04-02 11:03 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-02 11:03 - 2021-04-02 11:03 - 000000000 ____D C:\Program Files (x86)\Google
2021-04-02 11:02 - 2021-04-02 11:02 - 001304160 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup.exe
2021-03-31 03:02 - 2021-03-31 03:02 - 000022448 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_5882931294762.dll
2021-03-29 17:47 - 2021-03-29 17:47 - 000022448 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_22145152100949.dll
2021-03-29 03:19 - 2021-03-29 03:19 - 000022448 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_1024549287807.dll
2021-03-29 02:35 - 2021-03-29 02:35 - 000022448 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_717538096574.dll
2021-03-27 21:41 - 2021-03-27 21:41 - 000022448 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_10582360444079.dll
2021-03-27 18:34 - 2021-03-27 18:34 - 000022448 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_69900037302316.dll
2021-03-25 01:49 - 2021-04-05 00:33 - 000000000 ____D C:\Users\user\AppData\Roaming\EasyAntiCheat
2021-03-24 01:51 - 2021-03-24 01:51 - 000000533 _____ C:\Users\user\Desktop\Local Disk (C) - Shortcut.lnk
2021-03-23 17:39 - 2021-03-23 17:39 - 000002914 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-03-23 17:39 - 2021-03-23 17:39 - 000002908 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-03-23 17:39 - 2021-03-23 17:39 - 000002904 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-03-23 17:39 - 2021-03-23 17:39 - 000002902 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-03-23 17:36 - 2021-04-17 04:28 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-23 17:36 - 2021-04-17 04:28 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-03-23 17:36 - 2021-04-17 04:28 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-23 17:36 - 2021-03-24 01:20 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-23 17:36 - 2021-03-24 01:20 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-23 17:06 - 2021-03-23 17:06 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-23 17:06 - 2021-03-23 17:06 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-23 17:06 - 2021-03-23 17:06 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-03-23 17:06 - 2021-03-23 17:06 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-23 17:05 - 2021-03-23 17:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-23 17:05 - 2021-03-23 17:05 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-23 17:05 - 2021-03-23 17:05 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-23 17:05 - 2021-03-23 17:05 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-23 17:05 - 2021-03-23 17:05 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-03-23 17:05 - 2021-03-23 17:05 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-03-23 17:05 - 2021-03-23 17:05 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-23 17:05 - 2021-03-23 17:05 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-23 17:05 - 2021-03-23 17:05 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-23 17:04 - 2021-03-23 17:04 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-23 17:04 - 2021-03-23 17:04 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-23 17:04 - 2021-03-23 17:04 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-23 17:04 - 2021-03-23 17:04 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-03-23 17:03 - 2021-03-23 17:03 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-23 17:03 - 2021-03-23 17:03 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-23 17:02 - 2021-03-23 17:02 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-23 17:02 - 2021-03-23 17:02 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-23 17:02 - 2021-03-23 17:02 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-23 17:02 - 2021-03-23 17:02 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-23 17:02 - 2021-03-23 17:02 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-03-23 17:02 - 2021-03-23 17:02 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-23 17:02 - 2021-03-23 17:02 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-23 17:01 - 2021-03-23 17:01 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-23 17:01 - 2021-03-23 17:01 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-23 17:01 - 2021-03-23 17:01 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-03-23 17:01 - 2021-03-23 17:01 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-23 17:01 - 2021-03-23 17:01 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-03-23 17:01 - 2021-03-23 17:01 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-03-23 17:01 - 2021-03-23 17:01 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-03-23 17:00 - 2021-03-23 17:00 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-23 17:00 - 2021-03-23 17:00 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-23 17:00 - 2021-03-23 17:00 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-23 17:00 - 2021-03-23 17:00 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-23 17:00 - 2021-03-23 17:00 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-23 17:00 - 2021-03-23 17:00 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-23 16:59 - 2021-03-23 16:59 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-23 16:59 - 2021-03-23 16:59 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-23 16:59 - 2021-03-23 16:59 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-03-23 16:59 - 2021-03-23 16:59 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-03-23 16:59 - 2021-03-23 16:59 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-03-23 16:59 - 2021-03-23 16:59 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-03-23 16:58 - 2021-03-23 16:58 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-23 16:58 - 2021-03-23 16:58 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-03-23 16:58 - 2021-03-23 16:58 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-03-23 16:57 - 2021-03-23 16:57 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-23 16:57 - 2021-03-23 16:57 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-23 16:57 - 2021-03-23 16:57 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-23 16:57 - 2021-03-23 16:57 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-03-23 16:57 - 2021-03-23 16:57 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-23 16:57 - 2021-03-23 16:57 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-23 16:57 - 2021-03-23 16:57 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-03-23 16:57 - 2021-03-23 16:57 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-03-23 16:56 - 2021-03-23 16:56 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-23 16:56 - 2021-03-23 16:56 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-03-23 16:56 - 2021-03-23 16:56 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-23 16:56 - 2021-03-23 16:56 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-23 16:56 - 2021-03-23 16:56 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-23 16:56 - 2021-03-23 16:56 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-23 16:56 - 2021-03-23 16:56 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-03-23 16:56 - 2021-03-23 16:56 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-03-23 00:56 - 2021-03-23 00:56 - 000000000 ___SH C:\Users\Public\Shared Files
2021-03-23 00:49 - 2021-03-23 00:49 - 000000000 ____D C:\Users\user\AppData\Local\FortniteGame
2021-03-23 00:48 - 2021-03-25 01:49 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-03-23 00:09 - 2021-03-23 00:09 - 000000000 ____D C:\Program Files\Epic Games
2021-03-23 00:05 - 2021-04-10 18:55 - 000000000 ____D C:\Users\user\AppData\Local\D3DSCache
2021-03-23 00:05 - 2021-04-10 18:54 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-23 00:05 - 2021-04-02 12:25 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2021-03-23 00:05 - 2021-03-23 00:05 - 000000000 ____D C:\Users\user\AppData\Local\CEF
2021-03-23 00:01 - 2021-03-23 00:01 - 000000000 ____D C:\Users\user\AppData\Local\UnrealEngineLauncher
2021-03-23 00:00 - 2021-04-13 22:33 - 000000000 ____D C:\ProgramData\Epic
2021-03-23 00:00 - 2021-03-23 00:49 - 000000000 ____D C:\Users\user\AppData\Local\UnrealEngine
2021-03-23 00:00 - 2021-03-23 00:01 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-03-23 00:00 - 2021-03-23 00:00 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2021-03-23 00:00 - 2021-03-23 00:00 - 000000000 ____D C:\Users\user\AppData\Local\EpicGamesLauncher
2021-03-22 23:59 - 2021-03-22 23:59 - 056827904 _____ C:\Users\user\Downloads\EpicInstaller-12.1.1-fortnite-6fcee54534104320b2bbff862578d119.msi
2021-03-22 23:51 - 2021-04-17 20:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-03-22 22:30 - 2021-03-22 22:30 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-22 22:23 - 2021-04-14 13:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-22 22:17 - 2021-04-15 19:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-03-22 22:17 - 2021-04-15 19:31 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-03-22 22:17 - 2021-04-02 12:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-03-22 22:11 - 2021-03-26 00:34 - 000135408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-03-22 22:10 - 2020-10-07 14:32 - 005519600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-03-22 21:47 - 2021-03-22 22:38 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2021-03-22 20:45 - 2021-03-22 20:45 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-22 20:45 - 2021-03-22 20:45 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-22 20:44 - 2021-03-22 20:44 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-03-22 20:44 - 2021-03-22 20:44 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-22 20:44 - 2021-03-22 20:44 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-22 20:44 - 2021-03-22 20:44 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-03-22 20:44 - 2021-03-22 20:44 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-22 20:44 - 2021-03-22 20:44 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-03-22 20:44 - 2021-03-22 20:44 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-03-22 20:44 - 2021-03-22 20:44 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-03-22 20:44 - 2021-03-22 20:44 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-03-22 20:44 - 2021-03-22 20:44 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-03-22 20:44 - 2021-03-22 20:44 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-03-22 20:44 - 2021-03-22 20:44 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-17 21:04 - 2020-07-05 05:28 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-17 20:57 - 2020-07-05 05:28 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-17 20:52 - 2020-07-05 04:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-17 20:52 - 2020-07-05 04:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-17 09:34 - 2020-07-05 05:28 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-17 09:34 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-16 05:02 - 2020-07-05 05:23 - 000000000 ____D C:\WINDOWS\INF
2021-04-15 21:08 - 2020-07-05 05:22 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-15 21:01 - 2020-07-05 05:08 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-15 01:09 - 2020-04-26 13:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-15 01:09 - 2020-04-26 13:31 - 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-14 14:03 - 2020-07-05 04:51 - 000258688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-14 14:00 - 2020-07-05 05:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-14 14:00 - 2020-07-05 05:28 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-14 13:44 - 2020-07-05 05:12 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-14 13:38 - 2020-07-05 04:59 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-12 13:26 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-11 18:54 - 2020-07-05 04:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-10 18:44 - 2020-04-26 12:18 - 940178263 _____ C:\WINDOWS\MEMORY.DMP
2021-04-08 09:35 - 2020-07-05 05:49 - 000000000 ____D C:\WINDOWS\Panther
2021-04-06 00:26 - 2020-07-05 05:44 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-68092936-3360490207-1905757635-1001
2021-04-06 00:26 - 2020-07-05 05:09 - 000002360 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-06 00:26 - 2020-04-26 13:07 - 000000000 ___RD C:\Users\user\OneDrive
2021-04-04 00:44 - 2020-07-05 05:38 - 000000000 ____D C:\Users\user\AppData\Local\VirtualStore
2021-04-02 14:24 - 2020-07-06 08:23 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2021-04-02 12:28 - 2020-07-05 05:28 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-31 02:32 - 2020-07-05 05:38 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-23 17:23 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-03-23 17:22 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-23 17:21 - 2020-07-05 05:38 - 000000000 ____D C:\WINDOWS\en-GB
2021-03-23 17:21 - 2020-07-05 05:28 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-23 17:21 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-23 17:21 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-23 17:21 - 2020-07-05 05:28 - 000000000 ____D C:\WINDOWS\IME
2021-03-23 17:21 - 2020-07-05 05:28 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-23 17:21 - 2020-07-05 05:28 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-23 17:21 - 2020-07-05 05:28 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-23 17:21 - 2020-07-05 05:28 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-23 17:21 - 2020-07-05 05:28 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-23 17:21 - 2020-07-05 05:08 - 000000000 ____D C:\WINDOWS\servicing
2021-03-23 17:16 - 2020-07-05 05:30 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-03-23 17:16 - 2020-07-05 05:30 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-03-23 00:56 - 2020-07-05 05:28 - 000000000 __SHD C:\Users\Public\Libraries
2021-03-23 00:44 - 2020-04-29 14:03 - 000000314 _____ C:\Users\user\Desktop\Fortnite.url
2021-03-22 22:21 - 2020-07-05 05:39 - 000000000 ____D C:\ProgramData\Packages
2021-03-22 22:02 - 2020-07-05 05:42 - 000000000 ____D C:\Users\user\AppData\Local\MicrosoftEdge
 
==================== Files in the root of some directories ========
 
2021-04-03 12:13 - 2021-04-15 21:50 - 000007603 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by user (17-04-2021 21:45:50)
Running from C:\Users\user\Downloads
Windows 10 Pro Version 20H2 19042.928 (X64) (2020-07-05 04:37:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-68092936-3360490207-1905757635-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-68092936-3360490207-1905757635-503 - Limited - Disabled)
Guest (S-1-5-21-68092936-3360490207-1905757635-501 - Limited - Disabled)
user (S-1-5-21-68092936-3360490207-1905757635-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-68092936-3360490207-1905757635-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Discord (HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{A2FB1E1A-55D9-4511-A0BF-DEAD0493FBBC}) (Version: 1.2.11.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2245.0 - Rockstar Games)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.39 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
MSI Afterburner 4.6.3 (HKLM-x32\...\Afterburner) (Version: 4.6.3 - MSI Co., LTD)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation)
NVIDIA Graphics Driver 466.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Outlook (HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.14.15.1361 - Razer Inc.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.37.349 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.1 - Rockstar Games)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version:  - TechPowerUp)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)
Word (HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
 
Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-16] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-15] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-03] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\nvshext.dll [2021-04-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\user\OneDrive\ARRIS TG2492LG-85 Router - Shortcut.lnk -> hxxp://192.168.0.1
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
 
==================== Loaded Modules (Whitelisted) =============
 
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3688]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2020-07-05 05:30 - 2020-07-05 05:18 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-68092936-3360490207-1905757635-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{287C2696-FF1F-4218-9520-99DE0FCC98A2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{60C3FD65-2354-430B-B753-23F526912EE1}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{28A8CF6D-14BE-401B-ABC1-94E1A51B5335}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{96E68F76-4FE5-4EE1-B325-44AE95F57EC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B9D3A593-F6D4-44AA-9162-DE44A7449B45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BEA94C4C-DE72-4D56-BE03-DD3E56BA5BA0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EDC24A0-E711-4494-8C4D-6CF093649710}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BEAFDC13-C067-4E8C-9C33-37993060C770}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E173D9D8-CB73-4296-8F3F-32909C45CAC9}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{FA80D537-FB26-4B6C-ACEF-242B898F12E2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{DCF137AC-02AD-485B-B899-2DC8B91F6552}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{81F9F39F-8E4E-497F-A6EA-6233BA7E62A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{662E3D66-9CBA-42D2-96A4-28601FC33488}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D48E5437-06D6-4993-A406-DA65D6E46592}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{24D0301D-7CB3-48AB-BC7B-60AF8E1B065B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{54B95447-6040-4336-BB23-48D5BD1C10B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61647271-4389-428A-A07B-183ED416C316}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7E0A1C29-51E1-4B10-9BE0-DD5541F165DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{64817CC9-C06C-4FA6-9C38-8B258721EB5E}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{38657C24-8FE2-468A-8326-4F2B82C30FBE}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{718C66C8-A7E5-4EF8-B5BB-894AEB7555A9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3F955D5F-526F-4BB9-8341-9A38C2E3FD47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CCF1958F-B1A5-4BA8-A6FB-677314113DB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{56BC3EBE-4B3F-42EA-9C66-3E62315EED19}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{908DC8CD-46AE-4440-88C8-D238D31A98D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{097E725E-2F9C-4645-886E-5956692027C8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.77\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
14-04-2021 13:14:09 Windows Modules Installer
15-04-2021 20:43:04 Installed WinZip 25.0.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/17/2021 09:05:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.943, time stamp: 0x5fbd5689
Faulting module name: UpdateControllerImpl.dll, version: 3.2.0.575, time stamp: 0x60539062
Exception code: 0xc0000005
Fault offset: 0x000000000004a0d3
Faulting process ID: 0x4ac
Faulting application start time: 0x01d733c4de5aa17c
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll
Report ID: c94ccc5e-0a16-4695-af8e-cc6ff5adf9db
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/17/2021 08:59:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Razer Central.exe, version: 7.3.32.173, time stamp: 0x6013d942
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x26452a2a
Exception code: 0xe0434352
Fault offset: 0x0012a6e2
Faulting process ID: 0x18ac
Faulting application start time: 0x01d733c41826866f
Faulting application path: C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 9c547969-ac0b-4157-b6d7-c2bc6eb01ae0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/17/2021 08:59:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Razer Central.exe, version: 7.3.32.173, time stamp: 0x6013d942
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x26452a2a
Exception code: 0xe0434352
Fault offset: 0x0012a6e2
Faulting process ID: 0x23d4
Faulting application start time: 0x01d733c414175e6a
Faulting application path: C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 1797e223-f47d-4f06-890d-f644c5131050
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/17/2021 08:59:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Central.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
 
Server stack trace: 
   at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at Microsoft.Shell.SingleInstance`1+IPCRemoteService[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeFirstInstance(System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SignalFirstInstance(System.String, System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InitializeAsFirstInstance(System.String)
   at RazerCentralApp.App.Main()
 
Error: (04/17/2021 08:59:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Central.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
 
Server stack trace: 
   at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at Microsoft.Shell.SingleInstance`1+IPCRemoteService[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeFirstInstance(System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SignalFirstInstance(System.String, System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InitializeAsFirstInstance(System.String)
   at RazerCentralApp.App.Main()
 
Error: (04/14/2021 02:01:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (04/12/2021 01:33:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (04/12/2021 11:34:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Razer Central.exe, version: 7.3.32.173, time stamp: 0x6013d942
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0xb610d74d
Exception code: 0xe0434352
Fault offset: 0x0012a8b2
Faulting process ID: 0x818
Faulting application start time: 0x01d72f876e9e4f35
Faulting application path: C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: a232d3d9-1987-4b67-b4e3-3b422ca5826e
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (04/17/2021 09:05:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (04/17/2021 08:57:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {5B99FA76-721C-423C-ADAC-56D03C8A8007} did not register with DCOM within the required timeout.
 
Error: (04/17/2021 08:56:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.
 
Error: (04/17/2021 08:52:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:24:41 on 17/04/2021 was unexpected.
 
Error: (04/15/2021 09:06:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.
 
Error: (04/15/2021 08:04:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (04/15/2021 08:04:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
Error: (04/14/2021 11:49:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.
 
 
Windows Defender:
================
Date: 2021-04-15 20:48:59
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\user\Downloads\TCPOptimizer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.335.878.0, AS: 1.335.878.0, NIS: 1.335.878.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-15 20:48:09
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\user\Downloads\TCPOptimizer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.878.0, AS: 1.335.878.0, NIS: 1.335.878.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-15 20:48:01
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\user\Downloads\TCPOptimizer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.878.0, AS: 1.335.878.0, NIS: 1.335.878.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-15 20:47:36
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\user\Downloads\TCPOptimizer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.335.878.0, AS: 1.335.878.0, NIS: 1.335.878.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5
 
Date: 2021-04-15 20:47:31
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\user\Downloads\TCPOptimizer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.335.878.0, AS: 1.335.878.0, NIS: 1.335.878.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

CodeIntegrity:
===============
Date: 2021-04-17 21:05:43
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2021-04-14 18:14:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Users\user\AppData\Roaming\discord\0.0.309\modules\discord_hook\2e1ff455c11\DiscordHook64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-03-25 03:35:09
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\NvCamera\NvCameraAllowlisting64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2021-03-25 03:35:09
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
BIOS: Award Software International, Inc. F1 06/11/2010
Motherboard: Gigabyte Technology Co., Ltd. H55M-S2
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 56%
Total physical RAM: 12251.49 MB
Available physical RAM: 5341.23 MB
Total Virtual: 14107.49 MB
Available Virtual: 5508.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.19 GB) (Free:309.48 GB) NTFS
 
\\?\Volume{ef08263a-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EF08263A)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 
Really appreciate the help thank you.

 




#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,624 posts

Welcome to Geeks to Go Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=========================
 
Your logs don't have signs of an active infection.
 
The first and most necessary thing you must do, if you think you got hacked, is to change the passwords of every account you own, using a healthy device.
 
For now:

 

Move the FRST tool from the Downloads folder onto your Desktop. Find it in the Downloads folder and just drag it onto the Desktop.

 

Then:
 
1. Malwarebytes Report
 
You said that you ran Malwarebytes which detected a trojan. Please, post here the Malwarebytes report:

  • Open Malwarebytes, click on the Scanner, and then on the Reports tab.
  • Find the report with the date you did the scan and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\MountPoints2: {9695aa92-be75-11ea-9695-1c6f652af113} - "E:\INSTALL_ADB_RNDIS.exe"
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U4 napagent; no ImagePath
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3688]
C:\Users\user\Desktop\TCPOptimizer.exe
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt.
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

3. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

In your next reply please post:

  1. The Malwarebytes report
  2. The fixlog.txt
  3. The eset.txt
  4. Feedback: problems you are experiencing regarding this computer right now


#3
justrealdays

justrealdays

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Malwarebytes Report: 

 
 
www.malwarebytes.com
 
-Log Details-
Scan Date: 17/04/2021
Scan Time: 21:15
Log File: b5b307da-9fb9-11eb-b007-1c6f652af113.json
 
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39507
Licence: Trial
 
-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-GVK767G\user
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 268328
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 47 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Trojan.Downloader.MSIL.Generic, C:\$RECYCLE.BIN\S-1-5-21-68092936-3360490207-1905757635-1001\$RJJ16NE.EXE, Quarantined, 11033, 919739, 1.0.39507, , ame, , 41F8536B0106B63A2EB9ED9E970847E3, 701BD34F2F465F6E8E416ECAC58A28395E3E12BC13A65F0439CA5B314AF09501
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


Fixlog: 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by user (18-04-2021 10:00:16) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-68092936-3360490207-1905757635-1001\...\MountPoints2: {9695aa92-be75-11ea-9695-1c6f652af113} - "E:\INSTALL_ADB_RNDIS.exe"
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U4 napagent; no ImagePath
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3688]
C:\Users\user\Desktop\TCPOptimizer.exe
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-68092936-3360490207-1905757635-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9695aa92-be75-11ea-9695-1c6f652af113} => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"HKLM\System\CurrentControlSet\Services\napagent" => removed successfully
napagent => service removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Users\user\Desktop\TCPOptimizer.exe => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22316895 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 778573 B
Edge => 32312 B
Chrome => 488804488 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 12462 B
NetworkService => 56814 B
user => 80197938 B
 
RecycleBin => 8484 B
EmptyTemp: => 572 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:01:54 ====
 
ESET: 
 
18/04/2021 20:50:01
Files scanned: 322014
Detected files: 0
Cleaned files: 0
Total scan time: 01:49:55
Scan status: Finished
 
At this point I don't think he's on my system anymore. Bank accounts have been blocked, email passwords changed. He has been messaging my trading212 support trying to get more money out of my account; I'm trying to disable the account as we speak, as he's changed the password. Otherwise the PC is perfect. His spyware was invisible, with no ads or anything to indicate there was spyware on my PC until I realised my things were being used... So I've been looking at the TcpOptimizer app. It seems to be safe from what I can see, although it seems you have gotten rid of it. Could you confirm whether it is safe or not?

 

  • 0
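The fixlog above reports three removals worth re-checking once the machine has rebooted: an alternate data stream (":VersionCache") on C:\Users\Public\Shared Files, the "napagent" service and its HKLM\System\CurrentControlSet\Services key, and the TCPOptimizer.exe file moved off the Desktop. The PowerShell script below is an added verification example written for this thread; it is not output of FRST, Malwarebytes or ESET and not code from the original poster. The three target names come straight from the fixlog; the quarantine path and the expected SHA-256 value are placeholders (assumptions) to be replaced with the real location of the moved file and a hash obtained from the vendor's site.

```powershell
# Post-fix verification: confirm the ADS, the service and the moved file are really gone,
# and record the hash/signature of the quarantined executable for comparison.
# Added example for this thread, not tool output. Run from an elevated PowerShell prompt.
param(
    [string]$AdsTarget      = 'C:\Users\Public\Shared Files',        # folder that carried ':VersionCache' (from fixlog)
    [string]$ServiceName    = 'napagent',                            # service the fix deleted (from fixlog)
    [string]$QuarantinedExe = 'C:\FRST\Quarantine\TCPOptimizer.exe', # ASSUMED path; use wherever FRST moved the file
    [string]$ExpectedSha256 = ''                                     # ASSUMED: paste the SHA-256 the vendor publishes
)

function Get-NamedStreams {
    # Reports alternate data streams on $Path and everything beneath it.
    # Every NTFS object has an unnamed ':$DATA' stream; only named streams are returned.
    param([string]$Path)
    $items = @(Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
    # Get-Item -Stream may not report a directory's own streams on some Windows PowerShell
    # versions, so also ask cmd.exe's 'dir /r' on the parent folder and pick out lines for $Path.
    $parent  = Split-Path -Parent $Path
    $leaf    = Split-Path -Leaf $Path
    $pattern = '^\s+[\d,]+\s+' + [regex]::Escape($leaf) + ':[^:]+:\$DATA\s*$'
    cmd.exe /c "dir /r /a `"$parent`"" 2>$null |
        Where-Object { $_ -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                FileName = $Path
                Stream   = ($_ -split ':')[1]                        # e.g. VersionCache
                Length   = ($_ -replace '^\s+([\d,]+).*$', '$1')
            }
        }
}

function Test-ServiceGone {
    # A service is only really gone when both the SCM entry and the registry key are absent.
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $key = Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    [pscustomobject]@{
        Service     = $Name
        ScmEntry    = [bool]$svc
        RegistryKey = $key
        Gone        = (-not $svc) -and (-not $key)
    }
}

function Test-QuarantinedFile {
    # Hash and Authenticode status of the moved file; compare the hash with a vendor-published value.
    param([string]$Path, [string]$ExpectedHash)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash   # uppercase hex
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path        = $Path
        Present     = $true
        Sha256      = $hash
        HashMatches = if ($ExpectedHash) { $hash -eq $ExpectedHash.ToUpper() } else { $null }
        Signature   = $sig.Status                       # Valid, NotSigned, HashMismatch, ...
        Signer      = $sig.SignerCertificate.Subject
    }
}

Write-Host "== Named streams under $AdsTarget (expect none) =="
Get-NamedStreams -Path $AdsTarget | Format-Table -AutoSize
Write-Host "== Service $ServiceName =="
Test-ServiceGone -Name $ServiceName | Format-List
Write-Host "== Quarantined file =="
Test-QuarantinedFile -Path $QuarantinedExe -ExpectedHash $ExpectedSha256 | Format-List
```

An empty stream table and Gone = True for the service confirm the fix held across the reboot. The hash only says something when it is compared against a value fetched from the vendor's own site over HTTPS; a matching hash shows the file is the vendor's build, not that the download page linked from a video was the vendor's. A clean scan of the sample does not settle whether the account takeover came from that file, which is why the reply below still recommends a fresh operating system install.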

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 2,624 posts

At this point I don't think he's on my system anymore. Bank accounts have been blocked, email passwords changed. He has been messaging my trading212 support trying to get more money out of my account; I'm trying to disable the account as we speak, as he's changed the password. Otherwise the PC is perfect. His spyware was invisible, with no ads or anything to indicate there was spyware on my PC until I realised my things were being used... So I've been looking at the TcpOptimizer app. It seems to be safe from what I can see, although it seems you have gotten rid of it. Could you confirm whether it is safe or not?

 
Hello, justrealdays.
 
It was a bit difficult for me to understand everything you say without punctuation... However, I understand that you have strong evidence to believe that someone got into your computer, changed passwords and tried to steal money from you. In that case, what you have to do is ask for help from the authorities. The situation is critical and that is the first thing you should think about.
 
The logs you provided don't show anything bad, and the Malwarebytes and ESET reports are clean.

 

BUT: because of what happened, I can't guarantee 100% that the computer is safe to use. Probably, reinstalling the operating system would be the best thing for you to do, to ensure that you are making a fresh start.
 
As for the TCPOptimizer, since it is not listed in the Installed Programs list, I included the executable file in the fix to get it removed. Keep in mind that we do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability or make Windows unbootable. With registry cleaners and system optimization software programs, the potential is ever present to cause more problems than they claim to fix.

 

Do you have any other questions?


  • 0