Hijacked Discord Installer [Closed]


  • This topic is locked

#1
Mr_Anderson


I installed Discord with the wrong installer from a discord search.

I used MBAM to remove the infection I hope, but it found 37 things, and I worry that I missed one.

Here are the 2 FRST64 log files

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2021
Ran by synde (administrator) on MSI (Micro-Star International Co., Ltd. Bravo 17 A4DDR) (14-05-2021 02:57:49)
Running from C:\Users\synde\Desktop
Loaded Profiles: synde
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0356396.inf_amd64_383feb4787ca17a2\B356520\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0356396.inf_amd64_383feb4787ca17a2\B356520\atiesrxx.exe
(A-Volute SAS -> A-Volute) C:\Users\synde\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(A-Volute SAS -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MICRO-STAR INTERNATIONAL CO., LTD) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.108.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe
(Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControlEngine.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
(NortonLifeLock Inc. -> Broadcom) C:\Program Files\Norton Security\Engine\22.21.3.48\NortonSecurity.exe <2>
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.3.48\nsWscSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_12a8d6d742c436e2\RtkAudUService64.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_12a8d6d742c436e2\RtkAudUService64.exe [1211184 2020-12-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-737473049-2190378563-2405002469-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP 7012 Status Monitor: C:\WINDOWS\system32\hpinksts7012LM.dll [328704 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8620): C:\WINDOWS\system32\HPDiscoPM7012.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1E0A4983-992B-4403-BD9E-2FB0D414502A} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [823304 2020-12-09] (A-Volute SAS -> Nahimic)
Task: {2E5A3FAE-E17A-4C7A-8A4B-D316345CB1D9} - System32\Tasks\OmApSvcBroker => C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe [1072248 2020-06-01] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
Task: {3BF81762-D6AF-47DD-9803-EC531F15959C} - System32\Tasks\MSILEDKeeper2_Host => C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LEDKeeper2.exe [1510576 2020-06-02] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {41489EA3-6E07-4AA5-BE7B-6F5C783BB12F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141144 2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {65C934DF-AF73-4EF1-94D7-2A7E97A419C5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2345120 2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {AAA27194-DF58-4910-BD8F-651BC6AE1AD9} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.21.3.48\SymErr.exe [115640 2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {AC1641D8-4335-4958-91CF-502EDE2EC935} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2019-08-08] (Advanced Micro Devices, Inc.) [File not signed]
Task: {AEB80F48-D27D-42DE-BC98-5E3E292FB70F} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {B1324C2F-173A-4E42-A78B-98035C9046A3} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.3.48\WSCStub.exe [643584 2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {B595AA78-B21F-460E-AD5C-303970F9114E} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2019-08-08] (Advanced Micro Devices, Inc.) [File not signed]
Task: {BBAA08EA-104A-4734-84EA-289B39BBB223} - System32\Tasks\OneDC_Updater => C:\Users\synde\Documents\temp\OneDC_Updater\OneDC_Updater.exe [5312632 2020-03-30] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) <==== ATTENTION
Task: {BF6F8680-56DF-49A6-819D-82B76C8E53F4} - System32\Tasks\NahimicTask64 => C:\WINDOWS\system32\.\NahimicSvc64.exe [1067016 2020-12-09] (A-Volute SAS -> Nahimic)
Task: {C1C7FECA-66C7-45BD-B521-3E22ED03D0FB} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.21.3.48\SymErr.exe [115640 2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {D18FA010-2160-4554-8790-95912F7DA771} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D966F34B-6ABB-4B5D-A76C-0430C24BF907} - System32\Tasks\PostponeDeviceSetupToast_S-1-5-21-737473049-2190378563-2405002469-1001_0 => {5ded83ef-1e99-48cf-bf83-676d2a6db408} C:\Windows\System32\oobe\UserOOBE.dll [412160 2021-05-11] (Microsoft Windows -> Microsoft Corporation)
Task: {DB82F055-0E27-4E4B-A340-61B18A1C72D7} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.3.48\SymErr.exe [115640 2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {E15DE072-278E-40BC-BE5C-08CCB349093E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF281D20-570D-44DA-B1D4-D2CFA1108142} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [42640 2020-06-02] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {F33E5576-C870-4A3A-A050-25FF5BA4D964} - System32\Tasks\NahimicTask32 => C:\WINDOWS\system32\..\SysWOW64\NahimicSvc32.exe [823304 2020-12-09] (A-Volute SAS -> Nahimic)
Task: {FDE106E7-122F-4687-9139-7BC7C9B539CD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141144 2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE02494D-2B6B-4593-8D32-0EE83AB637FA} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1067016 2020-12-09] (A-Volute SAS -> Nahimic)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{8022a26b-7b3b-425d-89c6-d8054b60f833}: [DhcpNameServer] 192.168.86.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\synde\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-14]
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-08] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
R2 LightKeeperService; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe [85136 2020-03-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-14] (Malwarebytes Inc -> Malwarebytes)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe [60880 2020-06-05] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 MSI Sendevsvc; C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe [306808 2020-05-11] (Micro-Star International CO., LTD. -> )
R2 MSI_Central_Service; C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe [144528 2019-07-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_Companion_Service; C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe [115344 2020-06-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe [35504 2020-04-30] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1633288 2020-12-09] (A-Volute SAS -> Nahimic)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.3.48\NortonSecurity.exe [343336 2021-04-30] (NortonLifeLock Inc. -> Broadcom)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.3.48\nsWscSvc.exe [1055048 2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_12a8d6d742c436e2\RtkAudUService64.exe [1211184 2020-12-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 VoiceControlService; C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe [32432 2020-02-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.40\Definitions\BASHDefs\20210420.013\BHDrvx64.sys [1995864 2021-03-16] (Symantec Corporation -> Broadcom)
R2 BlueStacksDrv_msi2; C:\Program Files\BlueStacks_msi2\BstkDrv_msi2.sys [315768 2019-12-12] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\ccSetx64.sys [192248 2021-04-30] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-17] (Symantec Corporation -> Broadcom)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-18] (Symantec Corporation -> Broadcom)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-14] (Malwarebytes Inc -> Malwarebytes)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.40\Definitions\IPSDefs\20210423.061\IDSvia64.sys [1488976 2021-04-14] (Symantec Corporation -> Broadcom)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-14] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-14] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-14] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-14] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-14] (Malwarebytes Inc -> Malwarebytes)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85592 2020-01-17] (A-Volute -> Windows ® Win 7 DDK provider)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\nsvst.sys [56912 2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\SRTSP64.SYS [890464 2021-04-30] (Symantec Corporation -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\SRTSPX64.SYS [50272 2021-04-30] (Symantec Corporation -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\SYMEFASI64.SYS [2062424 2021-04-30] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\SymELAM.sys [25080 2021-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99848 2020-07-07] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.40\SymPlatform\SymEvnt.sys [712424 2020-08-01] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\Ironx64.SYS [316488 2021-04-30] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\symnets.sys [575328 2021-04-30] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\MSI NBFoundation Service\KernCoreLib64.sys [25656 2018-11-15] (Micro-Star International CO., LTD. -> )
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\wpCtrlDrv.sys [1013792 2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-14 02:57 - 2021-05-14 02:58 - 000019046 _____ C:\Users\synde\Desktop\FRST.txt
2021-05-14 02:39 - 2021-05-14 02:39 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2021-05-14 02:39 - 2021-05-14 02:39 - 000000000 ____D C:\Users\synde\AppData\Local\CrashDumps
2021-05-14 02:38 - 2021-05-14 02:38 - 000004036 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-737473049-2190378563-2405002469-1001_0
2021-05-14 02:37 - 2021-05-14 02:37 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-14 02:37 - 2021-05-14 02:37 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-14 02:37 - 2021-05-14 02:37 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-14 02:33 - 2021-05-14 02:33 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-14 02:33 - 2021-05-14 02:33 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-14 02:33 - 2021-05-14 02:33 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-14 02:33 - 2021-05-14 02:33 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-14 02:33 - 2021-05-14 02:33 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-14 02:33 - 2021-05-14 02:33 - 000000000 ____D C:\Users\synde\AppData\Local\mbam
2021-05-14 02:32 - 2021-05-14 02:32 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-14 02:32 - 2021-05-14 02:32 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-14 02:32 - 2021-05-14 02:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-14 02:32 - 2021-05-14 02:32 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-14 02:31 - 2021-05-14 02:31 - 002078632 _____ (Malwarebytes) C:\Users\synde\Downloads\MBSetup.exe
2021-05-14 02:31 - 2021-05-14 02:31 - 002078632 _____ (Malwarebytes) C:\Users\synde\Downloads\MBSetup (1).exe
2021-05-14 02:27 - 2021-05-14 02:58 - 000000000 ____D C:\FRST
2021-05-14 02:25 - 2021-05-14 02:26 - 002299392 _____ (Farbar) C:\Users\synde\Desktop\FRST64.exe
2021-05-14 02:25 - 2021-05-14 02:25 - 002299392 _____ (Farbar) C:\Users\synde\Downloads\Unconfirmed 669051.crdownload
2021-05-14 02:25 - 2021-05-14 02:25 - 002299392 _____ (Farbar) C:\Users\synde\Downloads\Unconfirmed 439915.crdownload
2021-05-14 02:25 - 2021-05-14 02:25 - 002299392 _____ (Farbar) C:\Users\synde\Downloads\Unconfirmed 343513.crdownload
2021-05-14 02:00 - 2021-05-14 02:35 - 000000000 ____D C:\Users\synde\AppData\Roaming\Digital Protection Services S.R.L
2021-05-14 02:00 - 2021-05-14 02:00 - 062636856 _____ (Discord Inc.) C:\Users\synde\Downloads\Discord.exe
2021-05-14 02:00 - 2021-05-14 02:00 - 000016438 _____ C:\Users\synde\AppData\Local\partner.bmp
2021-05-14 01:59 - 2021-05-14 02:37 - 000000000 ____D C:\ProgramData\OrdinaryVanoLength
2021-05-14 01:53 - 2021-05-14 01:53 - 000000000 ____D C:\ProgramData\EarthInstaller
2021-05-14 00:26 - 2021-05-14 00:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-05-11 02:29 - 2021-05-10 22:33 - 000000000 ____D C:\Windows.old
2021-05-11 02:28 - 2021-05-11 02:29 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-05-11 02:27 - 2021-05-11 02:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-05-11 02:27 - 2021-05-11 02:27 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-05-11 02:26 - 2021-05-11 02:26 - 000000000 ____D C:\ProgramData\ssh
2021-05-11 02:23 - 2021-05-11 02:23 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-05-11 02:23 - 2021-05-11 02:23 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-11 02:23 - 2021-05-11 02:23 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-11 02:23 - 2021-05-11 02:23 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-11 02:23 - 2021-05-11 02:23 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-11 02:23 - 2021-05-11 02:23 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-11 02:23 - 2021-05-11 02:23 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-11 02:23 - 2021-05-11 02:23 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-05-11 02:23 - 2021-05-11 02:23 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-05-11 02:23 - 2021-05-11 02:23 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-05-11 02:23 - 2021-05-11 02:23 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-05-11 02:23 - 2021-05-11 02:23 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-05-11 02:23 - 2021-05-11 02:23 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-05-11 02:23 - 2021-05-11 02:23 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-05-11 02:23 - 2021-05-11 02:23 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-05-11 02:23 - 2021-05-11 02:23 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-05-11 02:23 - 2021-05-11 02:23 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-05-11 02:23 - 2021-05-11 02:23 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-05-11 02:23 - 2021-05-11 02:23 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-11 02:23 - 2021-05-11 02:23 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-05-11 02:23 - 2021-05-11 02:23 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-05-11 02:23 - 2021-05-11 02:23 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-05-11 02:23 - 2021-05-11 02:23 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-05-11 02:23 - 2021-05-11 02:23 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-05-11 02:23 - 2021-05-11 02:23 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-05-11 02:23 - 2021-05-11 02:23 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-05-11 02:23 - 2021-05-11 02:23 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-05-11 02:23 - 2021-05-11 02:23 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-11 02:23 - 2021-05-11 02:23 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-05-11 02:23 - 2021-05-11 02:23 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-05-11 02:23 - 2021-05-11 02:23 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-05-11 02:23 - 2021-05-11 02:23 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-11 02:23 - 2021-05-11 02:23 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-11 02:23 - 2021-05-11 02:23 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-05-11 02:23 - 2021-05-11 02:23 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-05-10 22:35 - 2021-05-10 22:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-05-10 22:34 - 2021-05-14 02:42 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-10 22:33 - 2021-05-14 02:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security
2021-05-10 22:33 - 2021-05-14 02:38 - 000003112 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
2021-05-10 22:33 - 2021-05-14 02:38 - 000003092 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
2021-05-10 22:33 - 2021-05-14 02:38 - 000003088 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-05-10 22:33 - 2021-05-14 02:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-10 22:33 - 2021-05-10 22:36 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-737473049-2190378563-2405002469-1001
2021-05-10 22:33 - 2021-05-10 22:33 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-05-10 22:33 - 2021-05-10 22:33 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-05-10 22:33 - 2021-05-10 22:33 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-10 22:33 - 2021-05-10 22:33 - 000003268 _____ C:\WINDOWS\system32\Tasks\MSI Task Host - DisplayID
2021-05-10 22:33 - 2021-05-10 22:33 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-10 22:33 - 2021-05-10 22:33 - 000002852 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-737473049-2190378563-2405002469-500
2021-05-10 22:33 - 2021-05-10 22:33 - 000002826 _____ C:\WINDOWS\system32\Tasks\OneDC_Updater
2021-05-10 22:33 - 2021-05-10 22:33 - 000002388 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2021-05-10 22:33 - 2021-05-10 22:33 - 000002342 _____ C:\WINDOWS\system32\Tasks\NahimicSvc64Run
2021-05-10 22:33 - 2021-05-10 22:33 - 000002342 _____ C:\WINDOWS\system32\Tasks\NahimicSvc32Run
2021-05-10 22:33 - 2021-05-10 22:33 - 000002278 _____ C:\WINDOWS\system32\Tasks\OmApSvcBroker
2021-05-10 22:33 - 2021-05-10 22:33 - 000002254 _____ C:\WINDOWS\system32\Tasks\MSILEDKeeper2_Host
2021-05-10 22:33 - 2021-05-10 22:33 - 000002148 _____ C:\WINDOWS\system32\Tasks\MSISW_Host
2021-05-10 22:33 - 2021-05-10 22:33 - 000000020 ___SH C:\Users\synde\ntuser.ini
2021-05-10 22:33 - 2020-07-07 19:25 - 000002852 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3813482199-2967970838-579574770-500
2021-05-10 22:33 - 2019-11-13 13:43 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3246922579-2884849309-941848276-500
2021-05-10 22:31 - 2021-05-10 22:31 - 000000252 ____H C:\WINDOWS\Tasks\MSISW_Host.job
2021-05-10 22:31 - 2021-05-10 22:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2021-05-10 22:30 - 2021-05-10 22:36 - 000002370 _____ C:\Users\synde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-10 22:30 - 2021-05-10 22:33 - 000000000 ____D C:\Users\synde
2021-05-10 22:29 - 2021-05-14 02:37 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-10 22:29 - 2021-05-11 00:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-10 22:29 - 2021-05-10 22:29 - 000580488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-14 02:57 - 2020-07-07 20:06 - 000000000 ____D C:\ProgramData\Common
2021-05-14 02:52 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-14 02:42 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-14 02:37 - 2021-01-07 01:00 - 000000000 ____D C:\Users\synde\AppData\Roaming\com.silhouettesoftware
2021-05-14 02:37 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-14 02:32 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-14 01:35 - 2021-01-07 00:38 - 000000000 ____D C:\Users\synde\AppData\Local\D3DSCache
2021-05-14 01:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-14 00:37 - 2019-11-13 13:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-14 00:19 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-11 02:29 - 2021-01-09 21:16 - 000000000 ____D C:\Program Files\UNP
2021-05-11 02:29 - 2020-07-07 18:42 - 000000000 ____D C:\WINDOWS\system32\A-Volute
2021-05-11 02:29 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2021-05-11 02:29 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-05-11 02:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-05-11 02:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-05-11 02:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-11 02:29 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-05-11 02:29 - 2019-11-13 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-05-11 02:29 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-05-11 02:29 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-05-11 02:28 - 2021-03-10 01:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2021-05-11 02:28 - 2021-01-07 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embrilliance
2021-05-11 02:28 - 2021-01-07 00:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silhouette America
2021-05-11 02:28 - 2020-07-07 18:39 - 000000000 ____D C:\WINDOWS\system32\AMD
2021-05-11 02:26 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-05-11 02:26 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-05-11 02:26 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-05-11 02:26 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-05-11 02:25 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-11 02:25 - 2019-12-07 05:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-05-10 23:31 - 2021-01-07 01:00 - 000000000 ____D C:\ProgramData\com.aspexsoftware.Silhouette_Studio.8
2021-05-10 23:29 - 2021-01-10 01:08 - 000000000 ____D C:\Users\synde\Documents\Silouhette
2021-05-10 23:27 - 2021-01-07 01:01 - 000000000 ____D C:\Users\synde\AppData\Roaming\com.aspexsoftware.ss_bluetooth
2021-05-10 23:27 - 2021-01-07 01:00 - 000000000 ____D C:\Users\synde\AppData\Roaming\com.silhouettesoftware.scratch.1
2021-05-10 22:57 - 2021-01-07 01:06 - 000000000 ____D C:\Program Files\Common Files\AV
2021-05-10 22:49 - 2021-01-07 00:38 - 000000000 ____D C:\Users\synde\AppData\Local\Packages
2021-05-10 22:49 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-10 22:36 - 2021-01-07 00:40 - 000000000 ___RD C:\Users\synde\OneDrive
2021-05-10 22:35 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-10 22:34 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-05-10 22:33 - 2021-04-02 23:24 - 000000000 ___DC C:\WINDOWS\Panther
2021-05-10 22:33 - 2021-01-07 00:38 - 000000000 ___RD C:\Users\synde\3D Objects
2021-05-10 22:33 - 2021-01-07 00:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-10 22:33 - 2021-01-07 00:04 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-10 22:33 - 2021-01-07 00:04 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-10 22:33 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-10 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-10 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-05-10 22:33 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-10 22:33 - 2019-11-13 13:43 - 000000000 ____D C:\ProgramData\Packages
2021-05-10 22:33 - 2019-11-13 13:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-05-10 22:31 - 2020-07-07 19:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2021-05-10 22:31 - 2019-12-07 05:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-05-10 22:30 - 2021-02-17 23:18 - 000000000 ____D C:\Users\synde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-05-10 22:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-10 22:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-05-09 22:02 - 2019-11-13 15:05 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-25 16:07 - 2020-07-07 18:42 - 000000000 ____D C:\ProgramData\A-Volute
 
==================== Files in the root of some directories ========
 
2021-01-07 01:00 - 2021-01-07 01:00 - 000000008 _____ () C:\Users\synde\AppData\Roaming\com.silhouettesoftware.id
2021-05-14 02:00 - 2021-05-14 02:00 - 000016438 _____ () C:\Users\synde\AppData\Local\partner.bmp
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2021
Ran by synde (14-05-2021 03:00:17)
Running from C:\Users\synde\Desktop
Windows 10 Home Version 20H2 19042.867 (X64) (2021-05-11 02:33:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-737473049-2190378563-2405002469-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-737473049-2190378563-2405002469-503 - Limited - Disabled)
Guest (S-1-5-21-737473049-2190378563-2405002469-501 - Limited - Disabled)
synde (S-1-5-21-737473049-2190378563-2405002469-1001 - Administrator - Enabled) => C:\Users\synde
WDAGUtilityAccount (S-1-5-21-737473049-2190378563-2405002469-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Norton Security (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.06.12.340 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.10.23.01 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{0488acd8-8b22-4ac2-9f09-e99122912fa8}) (Version: 2.06.12.340 - Advanced Micro Devices, Inc.) Hidden
Embrilliance version BriTon Leap Embrilliance 1.168 (HKLM\...\{CD06BE8E-4E09-4FC6-9098-94F0D6FE86F1}_is1) (Version: BriTon Leap Embrilliance 1.168 - BriTon Leap, Inc.)
ENE RGB HAL (HKLM\...\{8DA1B230-D82E-4A24-9237-363E2E1E2695}) (Version: 1.0.21.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{bb670f8d-3d66-4f36-8e60-02b71bb0a4e9}) (Version: 1.0.21.0 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM\...\{978E8FD1-5778-47EF-91A4-F891DA415DDE}) (Version: 1.0.4.0 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM-x32\...\{587316c6-4804-4857-af01-1f2f78d4a0e5}) (Version: 1.0.4.0 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{d8516682-de60-4332-ad6f-49373754b677}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_SSS_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.1.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_SSS_HAL (HKLM-x32\...\{20610ecc-e094-423e-af0c-7d0bcfe117e9}) (Version: 1.0.1.0 - ENE TECHNOLOGY INC.) Hidden
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Malwarebytes version 4.3.3.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13929.20296 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-737473049-2190378563-2405002469-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{8e24fb65-31aa-446d-9c3e-35c5e11cb367}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
MSI App Player (HKLM\...\BlueStacks_msi2) (Version: 4.150.10.6302 - BlueStack Systems, Inc.)
MSI NBFoundation Service (HKLM-x32\...\{949A5329-B6AF-444F-BCDC-1F39F516D40C}) (Version: 1.0.2006.0501 - MSI) Hidden
MSI NBFoundation Service (HKLM-x32\...\InstallShield_{949A5329-B6AF-444F-BCDC-1F39F516D40C}) (Version: 1.0.2006.0501 - MSI)
MSI SDK (HKLM-x32\...\{EE7D557C-3AE7-4348-8DCA-3A89790D0002}}_is1) (Version: 1.0.0.43 - MSI)
Norton Security (HKLM-x32\...\NGC) (Version: 22.21.3.48 - NortonLifeLock Inc)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.36.701.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8858.1 - Realtek Semiconductor Corp.)
Silhouette Studio (HKLM\...\{4500D64E-50EC-4E70-8CF3-FB524469C01C}) (Version: 4.4.463 - Silhouette America)
SSO (HKLM-x32\...\SSO) (Version: 1.8.7.7 - Ordinary Vano Length.)
Zoom (HKU\S-1-5-21-737473049-2190378563-2405002469-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
 
Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10027.0_x64__0a9344xs7nr4m [2021-05-10] (Advanced Micro Devices Inc.) [Startup Task]
AudioDirector for MSI -> C:\Program Files\WindowsApps\CyberLink.AudioDirectorforMSI_7.0.9105.0_x64__jtmmp2jxy9gb6 [2020-07-07] (CyberLink)
ColorDirector for MSI -> C:\Program Files\WindowsApps\CyberLink.ColorDirectorforMSI_5.0.8107.0_x64__jtmmp2jxy9gb6 [2020-07-07] (CyberLink)
DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.108.0_x64__kzh8wxbdkxb8p [2021-05-09] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.0.1.0_neutral__w1wdnht996qgy [2020-07-07] (LinkedIn)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-07] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1810.0_x64__8wekyb3d8bbwe [2021-03-09] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-14] (Microsoft Studios) [MS Ad]
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.2.10190.0_x64__8wekyb3d8bbwe [2021-01-07] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.8.904.0_x64__8wekyb3d8bbwe [2021-01-07] (Microsoft Studios) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2021-01-07] (MAGIX)
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.6.5.0_x64__w2gh52qy24etm [2021-04-25] (A-Volute)
PhotoDirector 10 Essential for MSI -> C:\Program Files\WindowsApps\CyberLink.PhotoDirector10EssentialforMSI_10.0.2326.0_x64__jtmmp2jxy9gb6 [2020-07-07] (CyberLink)
PowerDirector 17 Essential for MSI -> C:\Program Files\WindowsApps\CyberLink.PowerDirector17EssentialforMSI_17.0.2712.0_x64__jtmmp2jxy9gb6 [2020-07-07] (CyberLink)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.20.238.0_x64__dt26b99r8h8gj [2021-03-09] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0 [2021-05-14] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2021-01-07] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-737473049-2190378563-2405002469-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\synde\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.3.48\buShell.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.3.48\buShell.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.3.48\buShell.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.3.48\buShell.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.3.48\buShell.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.3.48\buShell.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.3.48\buShell.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.3.48\NavShExt.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.3.48\NavShExt.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.3.48\buShell.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.3.48\NavShExt.dll [2021-04-30] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-07-07 19:03 - 2020-07-07 19:03 - 002972368 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.108.0_x64__kzh8wxbdkxb8p\DCv2\Device\GM6070\IcMSIDll.dll
2019-07-02 18:07 - 2019-07-02 18:07 - 000014632 _____ (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\MSI\MSI NBFoundation Service\UEFIVaribleDll.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-737473049-2190378563-2405002469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-737473049-2190378563-2405002469-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=NMTE
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-09] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-737473049-2190378563-2405002469-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers: 192.168.86.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C04CB391-BEAE-4A5B-9C49-D33B38257884}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{739C0C0A-2710-402B-85A4-B006E2D038AE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.56\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7AA7C9FB-7397-467D-8CC7-F26E968F2E96}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{669E5D16-6A33-4986-95DA-38F9AB338103}] => (Allow) LPort=5357
FirewallRules: [{EB38EC50-EA1B-4219-ABE6-B571C9CDFAE1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{3E1E73FE-E76C-4CA1-B9E1-ED2457DB473B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{CB154080-70A8-4B3A-A94D-950FE6DA4FF7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{528DC95F-D1B2-4B36-917D-D0BD79EB3B65}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{1E581001-46F1-4324-A3CA-7EC96814DF9C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2258EDBB-7A4A-4D66-908B-29A3E43BC3CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{361F4BD3-3A7A-46CF-9F33-B90EC590D1E8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{475C10A8-C6C5-423B-A441-A19091A7BBEB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D4ACCE76-2330-445A-870B-CA8480E6AC68}] => (Allow) C:\Users\synde\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{FCEE3622-6686-451A-9303-207E093160E1}] => (Allow) C:\Users\synde\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{722DE868-D88E-4D0B-BDB9-55514FC9899E}] => (Allow) C:\Users\synde\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C3E4F76F-B0B0-447F-ABEB-B4169D6E0EB5}] => (Allow) C:\Program Files\BlueStacks_msi2\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{95329D7F-563A-4A4C-9A51-258B1B86BC19}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{51A5C0E0-CA02-4032-83C8-D46357AA11AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{582D3173-5A86-4FDB-A49E-69C9E5158907}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1E360A6E-958B-4556-B6A4-150E1EAA05F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3EF72C13-FFB1-496D-A852-AF918AE7FE2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DDB6E21A-6C1A-42A6-B767-F7DE5B7D99DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22CD9835-A754-4634-BE97-37BF18447C72}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{94708E64-F685-4C82-9BF4-05BED922E2FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DA29A830-2BDD-4C34-B619-45E3B174898D}] => (Allow) LPort=32682
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:455.75 GB) (Free:383.1 GB) (84%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/14/2021 02:57:44 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
 
Error: (05/14/2021 02:39:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.987, time stamp: 0x60894603
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x850
Faulting application start time: 0x01d7488bbb21e438
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 8a83376c-db35-41b9-b77d-bb12104b34e6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/14/2021 02:38:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI.CentralServer.exe, version: 1.0.0.43, time stamp: 0x5ed627e7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x050e21b9
Faulting process id: 0x20b0
Faulting application start time: 0x01d7488bbc57c478
Faulting application path: C:\Program Files (x86)\MSI\One Dragon Center\MSI.CentralServer.exe
Faulting module path: unknown
Report Id: 2f366e4a-aeca-4de5-875e-888955a5f5ac
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/14/2021 02:38:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI.CentralServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at MSI.CentralServer.C_OnlineData.Override_Define()
   at MSI.CentralServer.Program.Main(System.String[])
 
Error: (05/10/2021 10:34:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.844, time stamp: 0x69441820
Faulting module name: ConstraintIndex.Search.dll, version: 10.0.19041.746, time stamp: 0xd439ca93
Exception code: 0xc0000005
Fault offset: 0x000000000003f170
Faulting process id: 0x2e40
Faulting application start time: 0x01d7460e18cff830
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\ConstraintIndex.Search.dll
Report Id: 7c138307-d557-4c5c-b6fc-970b4bd38c9b
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (05/10/2021 10:34:10 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
 
Error: (05/10/2021 10:34:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI.CentralServer.exe, version: 1.0.0.43, time stamp: 0x5ed627e7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x05e30c31
Faulting process id: 0x252c
Faulting application start time: 0x01d7460e12ac2072
Faulting application path: C:\Program Files (x86)\MSI\One Dragon Center\MSI.CentralServer.exe
Faulting module path: unknown
Report Id: 554fdf40-fe9e-4e6b-b449-268276fc1727
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/10/2021 10:34:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI.CentralServer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at MSI.CentralServer.C_OnlineData.Override_Define()
   at MSI.CentralServer.Program.Main(System.String[])
 
 
System errors:
=============
Error: (05/14/2021 02:39:37 AM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (05/14/2021 02:38:51 AM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (05/14/2021 01:01:39 AM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (05/14/2021 12:20:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MWPM2CQNLHN-Microsoft.GamingServices.
 
Error: (05/14/2021 12:19:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.
 
Error: (05/14/2021 12:16:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MWPM2CQNLHN-Microsoft.GamingServices.
 
Error: (05/14/2021 12:16:10 AM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (05/10/2021 10:35:21 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2021-05-14 01:36:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-05-14 02:40:42
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.3.48\symamsi.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. E17FKAMS.116 07/10/2020
Motherboard: Micro-Star International Co., Ltd. MS-17FK
Processor: AMD Ryzen 7 4800H with Radeon Graphics 
Percentage of memory in use: 62%
Total physical RAM: 7579.23 MB
Available physical RAM: 2834.86 MB
Total Virtual: 15259.23 MB
Available Virtual: 9704.9 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:455.75 GB) (Free:383.1 GB) NTFS
 
\\?\Volume{fe7903ac-fb1b-4658-a901-fbe75a63bfe5}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.45 GB) NTFS
\\?\Volume{deb3867f-3ce0-4023-8dda-f5394939417a}\ (BIOS_RVY) (Fixed) (Total:19.9 GB) (Free:0.69 GB) NTFS
\\?\Volume{e4059a51-f2dc-4372-90af-b2e11e799b8b}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 787435D1)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hi, Mr_Anderson.
 
I don't see signs of an active infection in your logs. Are you experiencing any specific problems?
 
Please, let me see the Malwarebytes report:

  • Open Malwarebytes, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

Just to ensure that everything is clean:
 
 ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

In your next reply, please post:

  • The Malwarebytes report
  • The eset.txt

  • 0

#3
Mr_Anderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Well, the MBAM reports didn't seem to be in a copy type mode, so I saved the reports from the last 2 scans, the one that quarantined, and the one after that said clean. The ESET results are very brief at the end of the post.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/14/21
Scan Time: 2:33 AM
Log File: 5437e456-b47e-11eb-99db-085bd64ee4e4.json
 
-Software Information-
Version: 4.3.3.116
Components Version: 1.0.1292
Update Package Version: 1.0.40364
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: MSI\synde
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 277681
Threats Detected: 37
Threats Quarantined: 37
Time Elapsed: 1 min, 46 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 2
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\QDU.EXE, Quarantined, 1174, 814053, , , , , A151EE5A70A028416FE836D81C5B43DA, 1977E7356C6A8B5225A49E942B8AD9DDB9CFACDAE21E2CC624CB8F0E14318E9F
Adware.OpenSoftwareUpdater, C:\PROGRAMDATA\ORDINARYVANOLENGTH\ORDINARYVANOLENGTH.EXE, Quarantined, 578, 832151, , , , , 0928B32523F993C0F8B4DB1A7EF5D73A, 3F6F6F9B918E61F7CA4EAEA5AA46CD1AF9317D2D22270543B17E17891D1D8B2E
 
Module: 2
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\QDU.EXE, Quarantined, 1174, 814053, , , , , A151EE5A70A028416FE836D81C5B43DA, 1977E7356C6A8B5225A49E942B8AD9DDB9CFACDAE21E2CC624CB8F0E14318E9F
Adware.OpenSoftwareUpdater, C:\PROGRAMDATA\ORDINARYVANOLENGTH\ORDINARYVANOLENGTH.EXE, Quarantined, 578, 832151, , , , , 0928B32523F993C0F8B4DB1A7EF5D73A, 3F6F6F9B918E61F7CA4EAEA5AA46CD1AF9317D2D22270543B17E17891D1D8B2E
 
Registry Key: 12
PUP.Optional.QuickDriverUpdater, HKU\S-1-5-18\SOFTWARE\DIGITAL PROTECTION SERVICES S.R.L\Quick Driver Updater, Quarantined, 1174, 814063, 1.0.40364, , ame, , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\qdu-pr, Quarantined, 1174, 814062, 1.0.40364, , ame, , , 
Adware.SpecialSearchOffer, HKLM\SOFTWARE\WOW6432NODE\SSO, Quarantined, 522, 625619, 1.0.40364, , ame, , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\DIGITAL PROTECTION SERVICES S.R.L\Quick Driver Updater, Quarantined, 1174, 814059, 1.0.40364, , ame, , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_IS1, Quarantined, 1174, 814060, 1.0.40364, , ame, , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Quick Driver Updater skipuac, Quarantined, 1174, 814053, , , , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F5FC1061-6894-4FCA-ADC5-3C43558BFAB9}, Quarantined, 1174, 814053, , , , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F5FC1061-6894-4FCA-ADC5-3C43558BFAB9}, Quarantined, 1174, 814053, , , , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Quick Driver Updater_Logon, Quarantined, 1174, 814053, , , , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8E9DBA87-94DB-4DE6-B806-AA14FFBA3783}, Quarantined, 1174, 814053, , , , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{8E9DBA87-94DB-4DE6-B806-AA14FFBA3783}, Quarantined, 1174, 814053, , , , , , 
Adware.OpenSoftwareUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OrdinaryVanoLength, Quarantined, 578, 832151, , , , , , 
 
Registry Value: 2
Adware.SpecialSearchOffer, HKLM\SOFTWARE\WOW6432NODE\SSO|TICKET, Quarantined, 522, 625619, 1.0.40364, , ame, , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_IS1|DISPLAYNAME, Quarantined, 1174, 814060, 1.0.40364, , ame, , , 
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 5
PUP.Optional.QuickDriverUpdater, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\QUICK DRIVER UPDATER, Quarantined, 1174, 814055, 1.0.40364, , ame, , , 
PUP.Optional.QuickDriverUpdater, C:\Users\synde\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvDownload, Quarantined, 1174, 814057, , , , , , 
PUP.Optional.QuickDriverUpdater, C:\Users\synde\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvBackups, Quarantined, 1174, 814057, , , , , , 
PUP.Optional.QuickDriverUpdater, C:\USERS\SYNDE\APPDATA\ROAMING\DIGITAL PROTECTION SERVICES S.R.L.\QUICK DRIVER UPDATER, Quarantined, 1174, 814057, 1.0.40364, , ame, , , 
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER, Quarantined, 1174, 814201, 1.0.40364, , ame, , , 
 
File: 14
PUP.Optional.QuickDriverUpdater, C:\USERS\PUBLIC\DESKTOP\QUICK DRIVER UPDATER.LNK, Quarantined, 1174, 814056, 1.0.40364, , ame, , E5D256D61469BB8F4AF67B026E6EF77B, A8D424B7E2D76C17A3A4D7E5B7880876A092418445DD5E8CB15A3B64C0FAD474
PUP.Optional.QuickDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Driver Updater\Quick Driver Updater.lnk, Quarantined, 1174, 814055, , , , , 2BECFADB7DE405FC9B7DA1FDB46094D1, FED1D1E471CEA8CB9B20794BC8997B2E798DB8DEB58CB7676CEF8D3F2103BD9C
PUP.Optional.QuickDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Driver Updater\Uninstall Quick Driver Updater.lnk, Quarantined, 1174, 814055, , , , , 7DF48FC5E803EB43EF986AE297DF1F2F, 77A139D820B3A8DC14265AE5FF8F61DB87FA4FBA2DB8AC0C5F8AC9C9C2286E19
PUP.Optional.QuickDriverUpdater, C:\Users\synde\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Errorlog.txt, Quarantined, 1174, 814057, , , , , ABD07EAF98C44B8D82E896ED6EC87D21, AC47970BD7C58E4A33A8B208F69F6966A38E1768796C6C65CE992A2763FBCC8C
PUP.Optional.QuickDriverUpdater, C:\Users\synde\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Mydb.sqlite, Quarantined, 1174, 814057, , , , , CDB3BC372B2AB5C0081D9133D0942CEA, 5EAFF2B6227D48CB84CADE8A89CA596822EFCAED2115A4D1F07787273C0151FD
PUP.Optional.QuickDriverUpdater, C:\Users\synde\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\notifier.xml, Quarantined, 1174, 814057, , , , , 7E4D30FC55C9DC432D36275C8327E6CA, A3F57964E746687967560600E725474F9879DBFE0E077CBBEE03DD547D07C16B
PUP.Optional.QuickDriverUpdater, C:\Users\synde\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\res.bin, Quarantined, 1174, 814057, , , , , B9E9AA350C56526A7973B4FC9B3065E6, AB352ABAE38F06CB6B86E7985F7839A9FFDCEF193F421394DB223F5B949A6B17
PUP.Optional.QuickDriverUpdater, C:\Users\synde\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Result.cb, Quarantined, 1174, 814057, , , , , 395BEA877781E9975FE7E40E28841292, 93C1429FC92CC400FB93EF6A22E69F62FFC829F2D1DC73C55A7F16F70080AEDB
PUP.Optional.QuickDriverUpdater, C:\Users\synde\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\update.xml, Quarantined, 1174, 814057, , , , , 4F063019209D3B934336BFA6163E1651, BE29F014381F9ACE5383F255EF6193FC77FE78097AC0A95E33EF50664A6DCCFB
PUP.Optional.QuickDriverUpdater, C:\WINDOWS\SYSTEM32\TASKS\Quick Driver Updater skipuac, Quarantined, 1174, 814053, , , , , AD69A86998A73DD8BE088DBA58861E65, 550E14A00D9FB43FA5667712024BD45EBBF805B76AAD435FF658E2A56AE10A13
PUP.Optional.QuickDriverUpdater, C:\WINDOWS\SYSTEM32\TASKS\Quick Driver Updater_Logon, Quarantined, 1174, 814053, , , , , B6A12EF7DDC88BADB4A246251A910A40, E0D27D5867392CBA6A16EBCD0ADBD20796D74FACCCCC3A89E89C2468774906D1
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\QDU.EXE, Quarantined, 1174, 814053, 1.0.40364, , ame, , A151EE5A70A028416FE836D81C5B43DA, 1977E7356C6A8B5225A49E942B8AD9DDB9CFACDAE21E2CC624CB8F0E14318E9F
Adware.OpenSoftwareUpdater, C:\PROGRAMDATA\ORDINARYVANOLENGTH\ORDINARYVANOLENGTH.EXE, Quarantined, 578, 832151, 1.0.40364, 3FECF2473E5CB9E0DE5C5414, dds, 01241484, 0928B32523F993C0F8B4DB1A7EF5D73A, 3F6F6F9B918E61F7CA4EAEA5AA46CD1AF9317D2D22270543B17E17891D1D8B2E
PUP.Optional.RelevantKnowledge, C:\USERS\SYNDE\APPDATA\LOCAL\TEMP\CSM8FD6.TMP, Quarantined, 1514, 294396, 1.0.40364, 79BC08F34C10288FFCCBA1F0, dds, 01241484, DC34CE192A87D30532FCB062E13B5A02, AD2E74C503F7CD99F6862F19BB046A5558A1BC8B3D0DC8F7E68EF43CDA3C4E70
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/14/21
Scan Time: 2:39 AM
Log File: 1f46542a-b47f-11eb-8554-085bd64ee4e4.json
 
-Software Information-
Version: 4.3.3.116
Components Version: 1.0.1292
Update Package Version: 1.0.40364
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: MSI\synde
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 277534
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 18 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
5/14/2021 14:11:50 PM
Files scanned: 439999
Detected files: 0
Cleaned files: 0
Total scan time: 00:40:13
Scan status: Finished
 

  • 0

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hi, Mr_Anderson.
 
The reports above are good.
 
I would like to see another scan:

Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

Do you have any other issues regarding this computer?


  • 0

#5
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Are you still with me?


  • 0

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Due to lack of feedback, I'm closing this topic.
 
Mr_Anderson, if you need it reopened, please send me a personal message (hover with the mouse on my profile name and choose Send message).


  • 0





