StartupCheckLibrary.dll and winscomrssrv.dll missing [Solved]


#1
icekite

    New Member

  • Member
  • 8 posts

Hello, whenever I start my PC I get 2 error messages coming up saying that StartupCheckLibrary.dll and winscomrssrv.dll are missing.



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hello, and welcome to GTG Forums.
 
To begin with:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



#3
icekite


Here are the two logs

Attached Files



#4
DR M


Hi, icekite.

Thank you for the logs. I'm currently reviewing them. 

Meanwhile, adhere to the guidelines below:

 

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.



#5
icekite


Alright I got it



#6
DR M


Let's begin, then.
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [UDP Query User{951C75BC-8CF6-45A5-9CCD-E192C8DD8B59}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [TCP Query User{1F2B608B-31B0-43E8-A327-1C1AF5577B1A}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{7B962ED5-006C-4FED-ACBB-4ECF61976C0D}C:\users\user\downloads\processing-3.5.4-windows64\processing-3.5.4\java\bin\java.exe] => (Allow) C:\users\user\downloads\processing-3.5.4-windows64\processing-3.5.4\java\bin\java.exe => No File
FirewallRules: [TCP Query User{CF29BBFC-648D-417E-9C2C-DF570F0B278C}C:\users\user\downloads\processing-3.5.4-windows64\processing-3.5.4\java\bin\java.exe] => (Allow) C:\users\user\downloads\processing-3.5.4-windows64\processing-3.5.4\java\bin\java.exe => No File
FirewallRules: [UDP Query User{A7948C7B-1EFF-418C-BA38-04D138E6F43A}C:\users\user\appdata\local\programs\opera\70.0.3728.189\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\70.0.3728.189\opera.exe => No File
FirewallRules: [TCP Query User{FEF44655-1FFD-43A2-ABC5-42EBDC9FACBC}C:\users\user\appdata\local\programs\opera\70.0.3728.189\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\70.0.3728.189\opera.exe => No File
FirewallRules: [UDP Query User{19EFAE8F-4556-4DC2-868A-35A7476C60E5}D:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe] => (Allow) D:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A7A5132C-4B09-4642-8BC6-531AF3E2F916}D:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe] => (Allow) D:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{BF69AC6B-B200-4704-A4DF-E61A4F30F7F1}C:\users\user\appdata\local\programs\opera\70.0.3728.178\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\70.0.3728.178\opera.exe => No File
FirewallRules: [TCP Query User{346E60FF-800E-46A8-B2ED-E4256AEA503B}C:\users\user\appdata\local\programs\opera\70.0.3728.178\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\70.0.3728.178\opera.exe => No File
FirewallRules: [UDP Query User{05D9C792-C66B-417B-A230-B2003D233C48}D:\program files\epic games\ue_4.25\engine\binaries\win64\ue4editor.exe] => (Block) D:\program files\epic games\ue_4.25\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [TCP Query User{C19FD089-D032-442E-8B7B-D6C1B1FF2F95}D:\program files\epic games\ue_4.25\engine\binaries\win64\ue4editor.exe] => (Block) D:\program files\epic games\ue_4.25\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [UDP Query User{C63FD614-DA29-4C01-BC0F-24E7C1E1A632}C:\users\user\appdata\local\programs\opera\69.0.3686.95\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\69.0.3686.95\opera.exe => No File
FirewallRules: [TCP Query User{C757E5DF-583A-4D04-9217-F212C9D62A05}C:\users\user\appdata\local\programs\opera\69.0.3686.95\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\69.0.3686.95\opera.exe => No File
FirewallRules: [{7C3732F3-6681-4651-9BA8-89FCCA21A266}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{847DEC78-E9E1-4B5E-9DE8-E9DC16CE371C}] => (Allow) C:\Program Files\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{2F0C3089-4944-4C49-B0AE-A33B98E970A0}] => (Allow) C:\Program Files\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{6796056C-4DCA-43E1-B634-653E27DDB632}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [{C3455AEE-03A9-4F44-9B78-FFF2DE0578D3}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{C27BE4C3-5476-47F3-9275-35D87CAAC39E}] => (Allow) C:\Program Files\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{CD6D1AEF-A6FF-4C40-98E1-398BCFC1730C}] => (Allow) C:\Program Files\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{9FB5529A-2FF5-4C2A-BC85-9A8AC7BF6940}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [UDP Query User{29C8A962-C702-49E5-A72A-FE8DE38027CB}D:\program files\epic games\gtav\gta5.exe] => (Allow) D:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{5B9A8B52-CC72-4745-ACB3-61E2E5762924}D:\program files\epic games\gtav\gta5.exe] => (Allow) D:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{1CDEFFB4-44FB-4E4B-B729-F7E32C1EA0E1}D:\program files\epic games\paladins\binaries\win64\paladins.exe] => (Allow) D:\program files\epic games\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [TCP Query User{9353BF26-D61B-48AC-AA2E-2E83DE833A61}D:\program files\epic games\paladins\binaries\win64\paladins.exe] => (Allow) D:\program files\epic games\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [UDP Query User{78592F91-D3A6-499D-8389-131917A157E4}D:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) D:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe => No File
FirewallRules: [TCP Query User{8B20924E-6370-4964-A38F-C744376C05E2}D:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) D:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe => No File
FirewallRules: [{145C6914-0B6A-4CDA-80F6-FA27D33F8F2B}] => (Allow) D:\Program Files\Epic Games\WatchDogs\bin\Watch_Dogs.exe => No File
FirewallRules: [{2A7AE39F-F672-42E2-9F56-AAB44EF72683}] => (Allow) D:\Program Files\Epic Games\WatchDogs\bin\Watch_Dogs.exe => No File
FirewallRules: [{7D029156-CBEA-4284-AFC7-C5E7811CA3C5}] => (Allow) D:\Program Files\Epic Games\AssassinsCreedSyndicate\ACS.exe => No File
FirewallRules: [UDP Query User{786D985B-1714-4967-9D4C-0F5CCE6435A0}D:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
FirewallRules: [TCP Query User{EA7F20CC-65DF-4EB7-883A-814CB456555A}D:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
FirewallRules: [UDP Query User{681209A7-3C72-4114-911E-C9B7C040D189}D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe] => (Allow) D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe => No File
FirewallRules: [TCP Query User{AD0E07A9-CC92-42BE-92A7-E5EB7291014E}D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe] => (Allow) D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6E5209D8-FC1E-46D3-A342-DDD40BCDD2CE}D:\program files\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe] => (Allow) D:\program files\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe => No File
FirewallRules: [TCP Query User{E4C69439-5808-44D3-97DE-1AB5500B9E3E}D:\program files\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe] => (Allow) D:\program files\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe => No File
FirewallRules: [TCP Query User{52AA59B8-F986-4CE7-A129-9781D51E9DDF}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{B73F1148-3269-4704-8F6F-C5E7DCACE2AE}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{1F5F21CF-A7C6-4875-8EEA-3ACC3F51D2E1}C:\users\user\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{6D4A6D58-750C-4E79-9F2A-77DBDE85E59E}C:\users\user\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [{9825FA98-48C4-4463-B074-D073C4DE3D6B}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{EAA98012-7ABF-43AE-B041-6E39B9A4255C}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{641BCB34-FD4C-4673-8833-9055B4C48E47}C:\users\user\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [UDP Query User{9BB2B019-90A5-4C01-9CBC-3F7D6CF25337}C:\users\user\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [TCP Query User{A1DAA58D-D136-4091-A7C8-8ECEFBFBBB7F}C:\users\user\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{C7DE2633-4DF3-454E-9F8E-579E5CB39BD6}C:\users\user\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [TCP Query User{E85BED9F-A2B1-4F2B-B83D-5C45AE8802D5}D:\program files\epic games\alienisolation\ai.exe] => (Block) D:\program files\epic games\alienisolation\ai.exe => No File
FirewallRules: [UDP Query User{1DC9136A-312A-424F-9B97-C5C998D1D48B}D:\program files\epic games\alienisolation\ai.exe] => (Block) D:\program files\epic games\alienisolation\ai.exe => No File
FirewallRules: [TCP Query User{32C362CD-46E9-47DF-81EA-CD0E160ECBE4}C:\users\user\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [UDP Query User{7C67D42D-BEB4-4215-B29A-3603A0CB9AC5}C:\users\user\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{EC723C85-A3F8-4991-A78C-5C126FB3B591}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{13BBF08E-60E7-493A-8CA6-1DAA4CE39E64}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{405ABDB9-34A6-4333-A150-90839776F5A8}D:\program files\epic games\rage2\rage2.exe] => (Allow) D:\program files\epic games\rage2\rage2.exe => No File
FirewallRules: [UDP Query User{1C2D8D90-AB77-4AAF-8B06-5F9CD2217FC7}D:\program files\epic games\rage2\rage2.exe] => (Allow) D:\program files\epic games\rage2\rage2.exe => No File
FirewallRules: [TCP Query User{90DCE6AC-CFCD-479C-A241-C54FCDC1F207}C:\users\user\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [UDP Query User{D60CDA86-B468-44D7-905E-ACB184D9BF72}C:\users\user\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{62697171-7041-4622-B4F1-9446EE5407C6}C:\users\user\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [UDP Query User{13067778-B6D2-42A0-BCA8-4139DCB336AC}C:\users\user\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [TCP Query User{EBF21A2B-0C66-4041-A75A-489FD250771A}C:\users\user\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [UDP Query User{429A60FC-D7A2-4641-9C22-E3C3B333E0A2}C:\users\user\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [TCP Query User{C1090B98-D835-4EBD-A6CC-F39150CF03EC}D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe] => (Allow) D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [UDP Query User{11F1E93E-232B-4A35-A677-F185B27F6C20}D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe] => (Allow) D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [TCP Query User{79169290-E418-4393-8BDB-95CFD4E582BE}D:\program files\epic games\thestanleyparable\stanley.exe] => (Block) D:\program files\epic games\thestanleyparable\stanley.exe => No File
FirewallRules: [UDP Query User{9BF9A55C-6A57-425D-9788-33772814E2A0}D:\program files\epic games\thestanleyparable\stanley.exe] => (Block) D:\program files\epic games\thestanleyparable\stanley.exe => No File
FirewallRules: [TCP Query User{023A6BED-BC91-4AD5-A095-09673C114FB8}D:\program files\epic games\totalwarsagatroy\troy.exe] => (Block) D:\program files\epic games\totalwarsagatroy\troy.exe => No File
FirewallRules: [UDP Query User{384C28E7-DFF6-40CF-817F-0A0600A0B01B}D:\program files\epic games\totalwarsagatroy\troy.exe] => (Block) D:\program files\epic games\totalwarsagatroy\troy.exe => No File
FirewallRules: [TCP Query User{787D91FF-CCB3-4F67-9D7E-D446E510987D}C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{176BE3C1-5880-42B4-9BA2-15136032B8CA}C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [{F5F1EB9F-CAC8-4D30-AE95-477FC18E5E1E}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe => No File
Task: {283586D5-EAD0-4D55-9C03-8F1643D3CFE7} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {39CB66D8-88C7-4BD3-A641-FA71F2816926} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {46DD26EF-0F62-493E-B5DA-0E6A66E74D6E} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {69300936-4B1B-4420-AF67-8492747B6A6A} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Search with FRST

  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search box:
    winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll;winrmsrv.exe
  • Press the Search Files button.
  • When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
  • Please copy and paste its contents into your reply.

 

In your next reply please post:

  1. The fixlog.txt
  2. The Search.txt

  • 0
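Added example, not part of the original thread and not FRST's own code: a small Python triage pass over the two entry types in the fixlist above ("FirewallRules:" and "Task:"), showing how the flagged scheduled tasks lead to the file names searched for in step 2. The sample lines are copied from the fixlist on this page; the function names and the wording of the reasons are assumptions of this example.

```python
import re

# Subset of lines copied from the fixlist in this thread.
SAMPLE = r"""CreateRestorePoint:
FirewallRules: [TCP Query User{E85BED9F-A2B1-4F2B-B83D-5C45AE8802D5}D:\program files\epic games\alienisolation\ai.exe] => (Block) D:\program files\epic games\alienisolation\ai.exe => No File
FirewallRules: [{9825FA98-48C4-4463-B074-D073C4DE3D6B}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{F5F1EB9F-CAC8-4D30-AE95-477FC18E5E1E}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe => No File
Task: {283586D5-EAD0-4D55-9C03-8F1643D3CFE7} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {39CB66D8-88C7-4BD3-A641-FA71F2816926} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {46DD26EF-0F62-493E-B5DA-0E6A66E74D6E} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {69300936-4B1B-4420-AF67-8492747B6A6A} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
EmptyTemp:
"""

FW_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) "
    r"(?P<path>.+?)(?P<missing> => No File)?$")
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<task>.+?) => "
    r"(?P<cmd>.+?)(?P<flag> <==== ATTENTION)?$")
RUNDLL_RE = re.compile(
    r"^rundll32(?:\.exe)?\s+(?P<dll>[^,\s]+),(?P<export>\S+)$", re.I)
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not recognised."""
    line = line.strip()
    m = FW_RE.match(line)
    if m:
        return {"kind": "firewall", "name": m["name"], "action": m["action"],
                "path": m["path"], "file_missing": m["missing"] is not None}
    m = TASK_RE.match(line)
    if m:
        cmd = m["cmd"]
        r = RUNDLL_RE.match(cmd)
        # For rundll32 the file of interest is the DLL, not rundll32 itself.
        payload = r["dll"] if r else cmd.split()[0]
        return {"kind": "task", "guid": m["guid"], "task": m["task"],
                "command": cmd, "payload": payload,
                "export": r["export"] if r else None,
                "flagged": m["flag"] is not None}
    if DIRECTIVE_RE.match(line):
        return {"kind": "directive", "name": line[:-1]}
    return None


def triage(text):
    """Return (findings, unparsed): entries with reasons, and lines left for manual review."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw.strip())
            continue
        reasons = []
        if entry["kind"] == "firewall" and entry["file_missing"]:
            reasons.append("rule points at a file that no longer exists")
            if entry["action"] == "Allow" and "\\system32\\" in entry["path"].lower():
                reasons.append("Allow rule for a missing binary under system32")
        elif entry["kind"] == "task":
            if entry["flagged"]:
                reasons.append("marked ATTENTION in the scan log")
            if "\\" not in entry["payload"]:
                reasons.append("payload given as a bare file name, no directory")
            if entry["export"]:
                reasons.append("DLL run through rundll32 export " + entry["export"])
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings, unparsed


def search_terms(findings):
    """Build a ';'-separated file-name list from the task payloads."""
    names = []
    for f in findings:
        if f["kind"] == "task":
            name = f["payload"].rsplit("\\", 1)[-1]
            if name not in names:
                names.append(name)
    return ";".join(names)


if __name__ == "__main__":
    found, leftover = triage(SAMPLE)
    for f in found:
        print(f["kind"], "|", f.get("payload") or f["path"], "|", "; ".join(f["reasons"]))
    print("search:", search_terms(found))
    print("review by hand:", leftover)
```

The four names it derives from the task entries are the same four that the Search step asks FRST to look for; the one line it cannot classify is returned separately instead of being guessed at.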

#7
icekite


Here are the fixlog.txt and Search.txt

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2021
Ran by User (12-08-2021 00:01:13) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FirewallRules: [UDP Query User{429A60FC-D7A2-4641-9C22-E3C3B333E0A2}C:\users\user\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [TCP Query User{C1090B98-D835-4EBD-A6CC-F39150CF03EC}D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe] => (Allow) D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [UDP Query User{11F1E93E-232B-4A35-A677-F185B27F6C20}D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe] => (Allow) D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [TCP Query User{79169290-E418-4393-8BDB-95CFD4E582BE}D:\program files\epic games\thestanleyparable\stanley.exe] => (Block) D:\program files\epic games\thestanleyparable\stanley.exe => No File
FirewallRules: [UDP Query User{9BF9A55C-6A57-425D-9788-33772814E2A0}D:\program files\epic games\thestanleyparable\stanley.exe] => (Block) D:\program files\epic games\thestanleyparable\stanley.exe => No File
FirewallRules: [TCP Query User{023A6BED-BC91-4AD5-A095-09673C114FB8}D:\program files\epic games\totalwarsagatroy\troy.exe] => (Block) D:\program files\epic games\totalwarsagatroy\troy.exe => No File
FirewallRules: [UDP Query User{384C28E7-DFF6-40CF-817F-0A0600A0B01B}D:\program files\epic games\totalwarsagatroy\troy.exe] => (Block) D:\program files\epic games\totalwarsagatroy\troy.exe => No File
FirewallRules: [TCP Query User{787D91FF-CCB3-4F67-9D7E-D446E510987D}C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{176BE3C1-5880-42B4-9BA2-15136032B8CA}C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [{F5F1EB9F-CAC8-4D30-AE95-477FC18E5E1E}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe => No File
Task: {283586D5-EAD0-4D55-9C03-8F1643D3CFE7} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {39CB66D8-88C7-4BD3-A641-FA71F2816926} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {46DD26EF-0F62-493E-B5DA-0E6A66E74D6E} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {69300936-4B1B-4420-AF67-8492747B6A6A} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{951C75BC-8CF6-45A5-9CCD-E192C8DD8B59}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1F2B608B-31B0-43E8-A327-1C1AF5577B1A}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7B962ED5-006C-4FED-ACBB-4ECF61976C0D}C:\users\user\downloads\processing-3.5.4-windows64\processing-3.5.4\java\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CF29BBFC-648D-417E-9C2C-DF570F0B278C}C:\users\user\downloads\processing-3.5.4-windows64\processing-3.5.4\java\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A7948C7B-1EFF-418C-BA38-04D138E6F43A}C:\users\user\appdata\local\programs\opera\70.0.3728.189\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FEF44655-1FFD-43A2-ABC5-42EBDC9FACBC}C:\users\user\appdata\local\programs\opera\70.0.3728.189\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{19EFAE8F-4556-4DC2-868A-35A7476C60E5}D:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A7A5132C-4B09-4642-8BC6-531AF3E2F916}D:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BF69AC6B-B200-4704-A4DF-E61A4F30F7F1}C:\users\user\appdata\local\programs\opera\70.0.3728.178\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{346E60FF-800E-46A8-B2ED-E4256AEA503B}C:\users\user\appdata\local\programs\opera\70.0.3728.178\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{05D9C792-C66B-417B-A230-B2003D233C48}D:\program files\epic games\ue_4.25\engine\binaries\win64\ue4editor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C19FD089-D032-442E-8B7B-D6C1B1FF2F95}D:\program files\epic games\ue_4.25\engine\binaries\win64\ue4editor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C63FD614-DA29-4C01-BC0F-24E7C1E1A632}C:\users\user\appdata\local\programs\opera\69.0.3686.95\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C757E5DF-583A-4D04-9217-F212C9D62A05}C:\users\user\appdata\local\programs\opera\69.0.3686.95\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C3732F3-6681-4651-9BA8-89FCCA21A266}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{847DEC78-E9E1-4B5E-9DE8-E9DC16CE371C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F0C3089-4944-4C49-B0AE-A33B98E970A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6796056C-4DCA-43E1-B634-653E27DDB632}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3455AEE-03A9-4F44-9B78-FFF2DE0578D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C27BE4C3-5476-47F3-9275-35D87CAAC39E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD6D1AEF-A6FF-4C40-98E1-398BCFC1730C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FB5529A-2FF5-4C2A-BC85-9A8AC7BF6940}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{29C8A962-C702-49E5-A72A-FE8DE38027CB}D:\program files\epic games\gtav\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5B9A8B52-CC72-4745-ACB3-61E2E5762924}D:\program files\epic games\gtav\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1CDEFFB4-44FB-4E4B-B729-F7E32C1EA0E1}D:\program files\epic games\paladins\binaries\win64\paladins.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9353BF26-D61B-48AC-AA2E-2E83DE833A61}D:\program files\epic games\paladins\binaries\win64\paladins.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78592F91-D3A6-499D-8389-131917A157E4}D:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8B20924E-6370-4964-A38F-C744376C05E2}D:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{145C6914-0B6A-4CDA-80F6-FA27D33F8F2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A7AE39F-F672-42E2-9F56-AAB44EF72683}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D029156-CBEA-4284-AFC7-C5E7811CA3C5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{786D985B-1714-4967-9D4C-0F5CCE6435A0}D:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EA7F20CC-65DF-4EB7-883A-814CB456555A}D:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{681209A7-3C72-4114-911E-C9B7C040D189}D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AD0E07A9-CC92-42BE-92A7-E5EB7291014E}D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6E5209D8-FC1E-46D3-A342-DDD40BCDD2CE}D:\program files\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E4C69439-5808-44D3-97DE-1AB5500B9E3E}D:\program files\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{52AA59B8-F986-4CE7-A129-9781D51E9DDF}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B73F1148-3269-4704-8F6F-C5E7DCACE2AE}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1F5F21CF-A7C6-4875-8EEA-3ACC3F51D2E1}C:\users\user\appdata\local\programs\opera\72.0.3815.320\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6D4A6D58-750C-4E79-9F2A-77DBDE85E59E}C:\users\user\appdata\local\programs\opera\72.0.3815.320\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9825FA98-48C4-4463-B074-D073C4DE3D6B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAA98012-7ABF-43AE-B041-6E39B9A4255C}" => removed successfully
"D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{641BCB34-FD4C-4673-8833-9055B4C48E47}C:\users\user\appdata\local\programs\opera\72.0.3815.400\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9BB2B019-90A5-4C01-9CBC-3F7D6CF25337}C:\users\user\appdata\local\programs\opera\72.0.3815.400\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A1DAA58D-D136-4091-A7C8-8ECEFBFBBB7F}C:\users\user\appdata\local\programs\opera\73.0.3856.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C7DE2633-4DF3-454E-9F8E-579E5CB39BD6}C:\users\user\appdata\local\programs\opera\73.0.3856.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E85BED9F-A2B1-4F2B-B83D-5C45AE8802D5}D:\program files\epic games\alienisolation\ai.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1DC9136A-312A-424F-9B97-C5C998D1D48B}D:\program files\epic games\alienisolation\ai.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{32C362CD-46E9-47DF-81EA-CD0E160ECBE4}C:\users\user\appdata\local\programs\opera\73.0.3856.329\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7C67D42D-BEB4-4215-B29A-3603A0CB9AC5}C:\users\user\appdata\local\programs\opera\73.0.3856.329\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EC723C85-A3F8-4991-A78C-5C126FB3B591}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{13BBF08E-60E7-493A-8CA6-1DAA4CE39E64}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{405ABDB9-34A6-4333-A150-90839776F5A8}D:\program files\epic games\rage2\rage2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1C2D8D90-AB77-4AAF-8B06-5F9CD2217FC7}D:\program files\epic games\rage2\rage2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{90DCE6AC-CFCD-479C-A241-C54FCDC1F207}C:\users\user\appdata\local\programs\opera\74.0.3911.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D60CDA86-B468-44D7-905E-ACB184D9BF72}C:\users\user\appdata\local\programs\opera\74.0.3911.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{62697171-7041-4622-B4F1-9446EE5407C6}C:\users\user\appdata\local\programs\opera\74.0.3911.218\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{13067778-B6D2-42A0-BCA8-4139DCB336AC}C:\users\user\appdata\local\programs\opera\74.0.3911.218\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EBF21A2B-0C66-4041-A75A-489FD250771A}C:\users\user\appdata\local\programs\opera\75.0.3969.243\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{429A60FC-D7A2-4641-9C22-E3C3B333E0A2}C:\users\user\appdata\local\programs\opera\75.0.3969.243\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C1090B98-D835-4EBD-A6CC-F39150CF03EC}D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{11F1E93E-232B-4A35-A677-F185B27F6C20}D:\program files\epic games\genshinimpact\genshin impact game\genshinimpact.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{79169290-E418-4393-8BDB-95CFD4E582BE}D:\program files\epic games\thestanleyparable\stanley.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9BF9A55C-6A57-425D-9788-33772814E2A0}D:\program files\epic games\thestanleyparable\stanley.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{023A6BED-BC91-4AD5-A095-09673C114FB8}D:\program files\epic games\totalwarsagatroy\troy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{384C28E7-DFF6-40CF-817F-0A0600A0B01B}D:\program files\epic games\totalwarsagatroy\troy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{787D91FF-CCB3-4F67-9D7E-D446E510987D}C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{176BE3C1-5880-42B4-9BA2-15136032B8CA}C:\users\user\appdata\local\programs\opera\77.0.4054.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5F1EB9F-CAC8-4D30-AE95-477FC18E5E1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{283586D5-EAD0-4D55-9C03-8F1643D3CFE7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{283586D5-EAD0-4D55-9C03-8F1643D3CFE7}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\Winlogui => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Winlogui" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39CB66D8-88C7-4BD3-A641-FA71F2816926}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39CB66D8-88C7-4BD3-A641-FA71F2816926}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\winrmsrv" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46DD26EF-0F62-493E-B5DA-0E6A66E74D6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46DD26EF-0F62-493E-B5DA-0E6A66E74D6E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69300936-4B1B-4420-AF67-8492747B6A6A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69300936-4B1B-4420-AF67-8492747B6A6A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10566726 B
Java, Flash, Steam htmlcache => 548945844 B
Windows/system/drivers => 500370 B
Edge => 1274673 B
Chrome => 1019054734 B
Firefox => 0 B
Opera => 367184424 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
User => 3820857 B
OVRLibraryService => 3820857 B
 
RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:02:10 ====
 
 
 
Farbar Recovery Scan Tool (x64) Version: 11-08-2021
Ran by User (12-08-2021 00:04:59)
Running from C:\Users\User\Desktop
Boot Mode: Normal
 
================== Search Files: "winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll;winrmsrv.exe" =============
 
 
====== End of Search ======

 


Edited by icekite, 11 August 2021 - 10:11 AM.

  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Great.
 
Are you getting the errors now?
 
Let's make some additional scans:


1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Scan mode)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#9
icekite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I am not getting the two error messages anymore.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-08-09.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    08-12-2021
# Duration: 00:00:06
# OS:       Windows 10 Home
# Scanned:  32002
# Detected: 1
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.AdvancedSystemCare C:\Users\User\AppData\LocalLow\IObit\Advanced SystemCare
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/08/2021
Scan Time: 00:33
Log File: ce0d3856-fac1-11eb-825a-4ccc6a27b594.json
 
-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.44046
Licence: Trial
 
-System Information-
OS: Windows 10 (Build 19043.1165)
CPU: x64
File System: NTFS
User: DESKTOP-JNRBSRR\User
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 339117
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 34 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 

  • 0

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

"I am not getting the two error messages anymore."

 
Great.  :thumbsup:
 
Let's continue:
 
1. AdwCleaner (Clean mode) 
 
AdwCleaner detected a PUP (potentially unwanted program), so let's clean it:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

 

In your next reply please post:

  • The AdwCleaner[C0*].txt
  • The fresh FRST logs, Addition and FRST
  • Feedback: How is the computer running now? Any remaining issues/questions/concerns?

 

 




#11
icekite


    New Member

  • Topic Starter
  • Member
  • 8 posts

The computer seems to be running smooth now and I don't notice any issues with it.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-08-09.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-12-2021
# Duration: 00:00:00
# OS:       Windows 10 Home
# Cleaned:  1
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Users\User\AppData\LocalLow\IObit\Advanced SystemCare
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1467 octets] - [12/08/2021 00:28:39]
AdwCleaner[S01].txt - [1528 octets] - [12/08/2021 09:38:58]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2021
Ran by User (administrator) on DESKTOP-JNRBSRR (MSI MS-7978) (12-08-2021 09:42:08)
Running from C:\Users\User\Desktop
Loaded Profiles: User
Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10>
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9dda6a81a12e6ac4\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3086208 2021-06-23] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-31] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-06] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1418A164-21DC-48F4-940D-1C9500AAA1D7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {2122B3AD-CFC4-4EDC-AE7D-6AEE6D9821FD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {278EF530-4B7D-4422-937F-927CDEFE6067} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28B87A35-B911-4618-9496-9BD0C16CC79C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {2BCC7845-CBD5-420C-B25A-9BF173EF42EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-14] (Google Inc -> Google LLC)
Task: {440D3B97-128E-451F-94E7-BA03A6531950} - System32\Tasks\Opera scheduled assistant Autoupdate 1594207763 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [2264784 2021-07-21] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {4A4A3E94-9377-4583-A320-F0084B7B7D9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-14] (Google Inc -> Google LLC)
Task: {4B79F011-E85D-40DD-BC12-9234EC31F4D6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {7200311D-0DAA-4ED2-BB34-41F01D860409} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {72754A5E-2D44-43F7-92C9-01441C02CD20} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D72791D-941D-4619-9505-26251CC7BADC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {92CCEDCA-FB43-4333-A9E0-AADAF8824D5E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {93229044-F3C3-495E-9365-8ED0AC86022B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {946836B4-CAD8-4045-A7E2-117507D255A6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {9F5777D0-7696-4E89-A742-0163B0DA1FD6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0EA5899-EA4E-4C80-AC24-9CA919CF3CB0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BE52006D-C430-418F-AA34-368CD4901841} - System32\Tasks\Opera scheduled Autoupdate 1594207760 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [2264784 2021-07-21] (Opera Software AS -> Opera Software)
Task: {CC08A996-9757-4F9B-853B-F7A51C8A42A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCD6BDAD-B106-4302-932E-5BCE39244C75} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D968E1C4-F022-4AEC-8F24-FC324F3A9D1C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FB171942-1D1A-4C81-8B2F-8BDA76629898} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE465355-E3B5-4825-B255-DB7FDEE1DD45} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {FF029E37-7C52-43ED-B71C-6D5DFAE35C64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3ca13658-14a1-4b97-986b-87462d89caa2}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-12]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-08-12]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-14]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-14]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-14]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-27]
 
Opera: 
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-08-12]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-06-26]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142136 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-02-19] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4490376 2020-09-19] (Logitech Inc -> Logitech)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [144632 2021-05-21] (Oculus VR, LLC -> Facebook Technologies, LLC)
S4 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [511736 2021-05-21] (Oculus VR, LLC -> Facebook Technologies, LLC)
S2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [447080 2019-07-24] (Razer USA Ltd. -> Razer Inc.)
S2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943240 2019-07-24] (Razer USA Ltd. -> Razer Inc.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10147296 2021-06-23] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9dda6a81a12e6ac4\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9dda6a81a12e6ac4\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [37200 2021-07-21] (Logitech Inc -> Logitech)
S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66896 2021-07-21] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
R3 oculusvad_oculusvad; C:\WINDOWS\System32\drivers\oculusvad.sys [72208 2021-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2021-02-17] (Oculus VR, LLC -> Facebook Inc.)
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [50240 2019-09-20] (Razer USA Ltd. -> Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [42000 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0306; C:\WINDOWS\System32\drivers\RzDev_0306.sys [51776 2019-09-20] (Razer USA Ltd. -> Razer Inc)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29712 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36376 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [45592 2016-10-30] (Razer USA Ltd. -> Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48144 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44048 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [44048 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-29] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8241992 2021-06-22] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2719256 2020-03-16] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-08-12 09:42 - 2021-08-12 09:42 - 000019604 _____ C:\Users\User\Desktop\FRST.txt
2021-08-12 09:41 - 2021-08-12 09:41 - 000001698 _____ C:\Users\User\Desktop\AdwCleaner[C01].txt
2021-08-12 07:43 - 2021-08-12 07:43 - 000004450 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1594207763
2021-08-12 07:38 - 2021-08-12 07:38 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-08-12 07:38 - 2021-08-12 07:38 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-08-12 07:38 - 2021-08-12 07:38 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-08-12 05:18 - 2021-08-11 21:24 - 000000000 ____D C:\Windows.old
2021-08-12 05:16 - 2021-08-12 05:18 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-08-12 05:15 - 2021-08-12 05:15 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-08-12 05:15 - 2021-08-11 21:20 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-08-12 05:09 - 2021-08-12 05:09 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-12 05:09 - 2021-08-12 05:09 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-12 05:09 - 2021-08-12 05:09 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-08-12 05:09 - 2021-08-12 05:09 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-08-12 05:09 - 2021-08-12 05:09 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-08-12 05:09 - 2021-08-12 05:09 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-08-12 05:09 - 2021-08-12 05:09 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-12 05:09 - 2021-08-12 05:09 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-08-12 05:09 - 2021-08-12 05:09 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-12 05:09 - 2021-08-12 05:09 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-12 05:09 - 2021-08-12 05:09 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-08-12 05:09 - 2021-08-12 05:09 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-08-12 05:09 - 2021-08-12 05:09 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-08-12 05:09 - 2021-08-12 05:09 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-08-12 05:09 - 2021-08-12 05:09 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-08-12 05:09 - 2021-08-12 05:09 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-08-12 05:09 - 2021-08-12 05:09 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-08-12 05:09 - 2021-08-12 05:09 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-08-12 05:09 - 2021-08-12 05:09 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-08-12 05:09 - 2021-08-12 05:09 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-08-12 05:09 - 2021-08-12 05:09 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-08-12 05:09 - 2021-08-12 05:09 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-08-12 05:09 - 2021-08-12 05:09 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-08-12 05:09 - 2021-08-12 05:09 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-12 05:09 - 2021-08-12 05:09 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-08-12 05:09 - 2021-08-12 05:09 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-08-12 05:09 - 2021-08-12 05:09 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-08-12 05:09 - 2021-08-12 05:09 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-08-12 05:08 - 2021-08-12 05:08 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-08-12 05:08 - 2021-08-12 05:08 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-12 05:08 - 2021-08-12 05:08 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-08-12 05:08 - 2021-08-12 05:08 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-08-12 05:08 - 2021-08-12 05:08 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-08-12 05:08 - 2021-08-12 05:08 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-08-12 05:01 - 2019-10-15 21:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-08-12 05:01 - 2019-10-15 21:50 - 000001696 _____ C:\WINDOWS\system32\NOISE.CHS
2021-08-12 05:01 - 2019-04-19 02:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-08-12 05:00 - 2021-08-12 07:44 - 000416668 _____ C:\WINDOWS\system32\prfh0804.dat
2021-08-12 05:00 - 2021-08-12 07:44 - 000132376 _____ C:\WINDOWS\system32\prfc0804.dat
2021-08-12 05:00 - 2021-08-12 05:00 - 000113218 _____ C:\WINDOWS\system32\prfi0804.dat
2021-08-12 05:00 - 2021-08-12 05:00 - 000033402 _____ C:\WINDOWS\system32\prfd0804.dat
2021-08-12 05:00 - 2021-08-12 05:00 - 000000000 ____D C:\WINDOWS\SysWOW64\zh-HANS
2021-08-12 05:00 - 2021-08-12 05:00 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-08-12 05:00 - 2021-08-12 05:00 - 000000000 ____D C:\WINDOWS\system32\zh-HANS
2021-08-12 04:55 - 2021-08-12 04:55 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-08-12 04:55 - 2021-08-12 04:55 - 000000000 ____D C:\Program Files\MSBuild
2021-08-12 04:55 - 2021-08-12 04:55 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-08-12 04:55 - 2021-08-12 04:55 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-08-12 03:56 - 2021-08-12 03:58 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-08-12 00:32 - 2021-08-12 00:32 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2021-08-12 00:31 - 2021-08-12 00:31 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-12 00:31 - 2021-08-12 00:31 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-12 00:31 - 2021-08-12 00:31 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-12 00:31 - 2021-08-12 00:31 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-08-12 00:31 - 2021-08-12 00:31 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-12 00:31 - 2021-08-12 00:31 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-12 00:31 - 2021-08-12 00:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-12 00:31 - 2021-08-12 00:31 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-12 00:30 - 2021-08-12 00:30 - 000001467 _____ C:\Users\User\Desktop\AdwCleaner[S00].txt
2021-08-12 00:28 - 2021-08-12 09:40 - 000000000 ____D C:\AdwCleaner
2021-08-12 00:27 - 2021-08-12 00:27 - 008553680 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner.exe
2021-08-12 00:27 - 2021-08-12 00:27 - 002120496 _____ (Malwarebytes) C:\Users\User\Desktop\MBSetup-119967.119967-consumer.exe
2021-08-12 00:04 - 2021-08-12 00:06 - 000000293 _____ C:\Users\User\Desktop\Search.txt
2021-08-12 00:01 - 2021-08-12 00:02 - 000036285 _____ C:\Users\User\Desktop\Fixlog.txt
2021-08-11 22:07 - 2021-08-12 09:42 - 000000000 ____D C:\FRST
2021-08-11 22:06 - 2021-08-11 22:07 - 002300416 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-08-11 21:28 - 2021-08-12 07:44 - 001390214 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-11 21:26 - 2021-08-11 21:26 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-08-11 21:24 - 2021-08-12 07:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-11 21:24 - 2021-08-11 21:24 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-08-11 21:24 - 2021-08-11 21:24 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-08-11 21:24 - 2021-08-11 21:24 - 000003506 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1594207760
2021-08-11 21:24 - 2021-08-11 21:24 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-11 21:24 - 2021-08-11 21:24 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-11 21:24 - 2021-08-11 21:24 - 000003220 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-08-11 21:24 - 2021-08-11 21:24 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b2581108a4c1
2021-08-11 21:24 - 2021-08-11 21:24 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-11 21:24 - 2021-08-11 21:24 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-11 21:24 - 2021-08-11 21:24 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1800081647-856822976-2045172770-1001
2021-08-11 21:24 - 2021-08-11 21:24 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-11 21:24 - 2021-08-11 21:24 - 000000020 ___SH C:\Users\User\ntuser.ini
2021-08-11 21:24 - 2021-08-11 21:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-08-11 21:20 - 2019-12-07 17:10 - 000001105 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-11 21:19 - 2021-08-11 21:19 - 000000000 ____D C:\WINDOWS\system32\lxss
2021-08-11 21:19 - 2021-08-11 21:19 - 000000000 ____D C:\Program Files\Common Files\logishrd
2021-08-11 21:18 - 2021-08-11 21:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-11 21:18 - 2021-08-11 21:18 - 004997968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-11 20:04 - 2021-08-11 21:24 - 000000000 ___DC C:\WINDOWS\Panther
2021-08-11 19:59 - 2021-08-11 19:59 - 000000000 ___HD C:\$Windows.~WS
2021-08-11 16:15 - 2021-08-11 20:04 - 000000000 ____D C:\ESD
2021-08-06 15:49 - 2021-08-06 15:49 - 000000000 ____D C:\Users\User\Documents\My Games
2021-08-06 15:49 - 2021-08-06 15:49 - 000000000 ____D C:\Users\User\AppData\Roaming\A Plague Tale Innocence
2021-08-06 10:28 - 2021-08-06 11:03 - 000057465 _____ C:\Users\User\Downloads\eng.pptx
2021-08-04 14:09 - 2021-08-04 14:09 - 000054434 _____ C:\Users\User\Downloads\Formula.pdf
2021-08-03 10:26 - 2021-08-11 21:20 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-08-03 10:26 - 2021-08-03 10:26 - 000001928 _____ C:\Users\User\Desktop\Zoom.lnk
2021-07-27 16:49 - 2021-07-27 16:49 - 000001402 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2021-07-23 21:54 - 2021-08-12 05:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech Camera Settings
2021-07-23 21:54 - 2021-07-23 21:54 - 000001417 _____ C:\Users\Public\Desktop\Logitech Camera Settings.lnk
2021-07-23 21:48 - 2021-07-23 21:50 - 000000000 ____D C:\Users\User\AppData\Local\Logitech
2021-07-23 10:32 - 2021-07-23 10:32 - 000000000 ____D C:\Users\User\AppData\Local\GameAnalytics
2021-07-22 16:13 - 2021-07-12 19:32 - 000136472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-07-22 16:13 - 2021-07-12 19:32 - 000067464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2021-07-22 16:13 - 2021-07-12 19:32 - 000037664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-07-22 15:59 - 2021-07-14 01:07 - 001858664 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-07-22 15:59 - 2021-07-14 01:07 - 001858664 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-07-22 15:59 - 2021-07-14 01:07 - 001438824 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-07-22 15:59 - 2021-07-14 01:07 - 001438824 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-07-22 15:59 - 2021-07-14 01:07 - 001097856 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-07-22 15:59 - 2021-07-14 01:07 - 001097856 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-07-22 15:59 - 2021-07-14 01:07 - 000951936 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-07-22 15:59 - 2021-07-14 01:07 - 000951936 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-07-22 15:59 - 2021-07-14 01:06 - 001474704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-07-22 15:59 - 2021-07-14 01:06 - 001212560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-07-22 15:59 - 2021-07-14 01:02 - 001520776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-07-22 15:59 - 2021-07-14 01:02 - 000716912 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-07-22 15:59 - 2021-07-14 01:02 - 000676480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-07-22 15:59 - 2021-07-14 01:02 - 000645232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-07-22 15:59 - 2021-07-14 01:02 - 000577152 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-07-22 15:59 - 2021-07-14 01:02 - 000564352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-07-22 15:59 - 2021-07-14 01:01 - 002112128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-07-22 15:59 - 2021-07-14 01:01 - 001595520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-07-22 15:59 - 2021-07-14 01:01 - 001171072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-07-22 15:59 - 2021-07-14 01:01 - 000919168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-07-22 15:59 - 2021-07-14 01:01 - 000750208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-07-22 15:59 - 2021-07-14 01:01 - 000706176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-07-22 15:59 - 2021-07-14 01:00 - 008854144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-07-22 15:59 - 2021-07-14 01:00 - 007920768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-07-22 15:59 - 2021-07-14 01:00 - 005680760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-07-22 15:59 - 2021-07-14 01:00 - 004987520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-07-22 15:59 - 2021-07-14 01:00 - 002925696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-07-22 15:59 - 2021-07-14 01:00 - 000447104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-07-22 15:59 - 2021-07-14 00:59 - 000849008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-07-22 15:59 - 2021-07-14 00:57 - 007280312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-07-22 15:59 - 2021-07-14 00:57 - 006215792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-07-22 15:59 - 2021-07-12 19:32 - 000083062 _____ C:\WINDOWS\system32\nvinfo.pb
2021-07-21 18:56 - 2021-07-21 18:56 - 000056492 _____ C:\Users\User\Downloads\高三上册文学常识.pptx
2021-07-21 15:12 - 2021-07-23 21:50 - 000000000 ____D C:\Program Files\Logitech
2021-07-21 15:10 - 2021-07-21 15:10 - 000066896 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2021-07-21 15:10 - 2021-07-21 15:10 - 000037200 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2021-07-21 15:10 - 2021-07-21 15:10 - 000025928 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2021-07-20 16:43 - 2021-07-21 17:44 - 000071853 _____ C:\Users\User\Downloads\中国古代文学常识.pptx
2021-07-13 20:26 - 2021-07-13 20:26 - 000008940 _____ C:\Users\User\Desktop\US Research.xlsx
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-08-12 09:40 - 2020-11-13 21:25 - 000000000 ____D C:\Users\User\AppData\Roaming\discord
2021-08-12 09:40 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-12 09:40 - 2019-07-14 13:15 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-12 09:40 - 2016-12-23 17:03 - 000000000 ____D C:\Users\User\AppData\LocalLow\IObit
2021-08-12 09:38 - 2020-11-13 21:25 - 000000000 ____D C:\Users\User\AppData\Local\Discord
2021-08-12 09:23 - 2019-07-14 13:52 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-12 07:46 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-08-12 07:46 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-12 07:40 - 2020-06-02 10:33 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-08-12 07:37 - 2021-06-23 18:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-12 05:18 - 2021-02-17 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Oculus
2021-08-12 05:18 - 2020-12-09 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-08-12 05:18 - 2020-05-31 08:47 - 000000000 ____D C:\Program Files\UNP
2021-08-12 05:18 - 2020-03-25 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-08-12 05:18 - 2019-12-07 17:18 - 000000000 ____D C:\WINDOWS\Setup
2021-08-12 05:18 - 2019-12-07 17:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Catroot2.old
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-08-12 05:18 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-08-12 05:18 - 2019-11-02 18:49 - 000000000 ____D C:\Program Files (x86)\Razer
2021-08-12 05:18 - 2019-10-13 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-08-12 05:18 - 2019-08-27 19:22 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-08-12 05:18 - 2019-07-14 21:08 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-08-12 05:18 - 2019-07-14 21:08 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-08-12 05:18 - 2019-07-14 13:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-12 05:18 - 2019-04-20 18:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-08-12 05:18 - 2018-09-11 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PROLiNK Gaming Mouse
2021-08-12 05:18 - 2016-12-23 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-08-12 05:16 - 2019-11-02 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-08-12 05:16 - 2019-07-14 13:14 - 000000000 ____D C:\Program Files\Realtek
2021-08-12 05:16 - 2016-12-23 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-08-12 05:16 - 2016-12-23 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-08-12 05:12 - 2019-12-07 22:46 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-08-12 05:12 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-08-12 05:12 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\en-GB
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-12 05:12 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-08-12 05:12 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-12 05:11 - 2019-12-07 22:48 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-08-12 05:04 - 2019-12-07 22:47 - 000000000 ____D C:\WINDOWS\OCR
2021-08-12 05:00 - 2019-12-07 22:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-08-12 05:00 - 2019-12-07 22:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-08-12 05:00 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-08-12 05:00 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-08-12 05:00 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-08-12 05:00 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-08-12 05:00 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-08-12 05:00 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-08-12 05:00 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-08-12 05:00 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\IME
2021-08-12 05:00 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-08-12 00:46 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-12 00:31 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-11 23:09 - 2020-03-25 16:28 - 000000000 ____D C:\ProgramData\Riot Games
2021-08-11 21:42 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-11 21:32 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-08-11 21:30 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-11 21:25 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-11 21:25 - 2017-11-02 18:47 - 000000000 ___RD C:\Users\User\3D Objects
2021-08-11 21:25 - 2016-12-24 08:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-08-11 21:24 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-11 21:24 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-11 21:24 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-08-11 21:24 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-08-11 21:22 - 2019-12-07 17:14 - 000000000 __RSD C:\WINDOWS\Media
2021-08-11 21:20 - 2020-11-13 21:25 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-08-11 21:20 - 2019-07-14 14:50 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-08-11 21:20 - 2019-07-14 13:20 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-08-11 21:19 - 2021-06-23 18:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-08-11 21:19 - 2019-07-14 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-08-11 21:19 - 2019-07-14 13:14 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-08-11 20:09 - 2019-07-14 13:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-11 19:34 - 2020-10-02 17:40 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-11 19:32 - 2019-07-14 13:30 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-11 17:34 - 2020-06-05 10:48 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-11 16:43 - 2021-06-10 23:06 - 000000072 _____ C:\WINDOWS\system32\perfdish001.dat
2021-08-11 13:51 - 2021-06-29 07:45 - 000000000 ____D C:\Users\User\AppData\Local\Spotify
2021-08-11 13:26 - 2021-06-29 07:45 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify
2021-08-09 20:58 - 2016-12-24 08:33 - 000000000 ___RD C:\Users\User\OneDrive
2021-08-09 07:42 - 2019-07-16 19:57 - 000000000 ____D C:\Program Files\Microsoft Office
2021-08-05 08:26 - 2017-05-19 11:14 - 000000000 ____D C:\Users\User\AppData\LocalLow\MSLiveStickerWhiteList
2021-08-03 10:26 - 2020-04-06 09:29 - 000000000 ____D C:\Users\User\AppData\Roaming\Zoom
2021-08-02 17:03 - 2019-07-14 14:33 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-07-30 18:16 - 2021-06-27 13:59 - 000000000 ____D C:\Users\User\Documents\Zoom
2021-07-30 17:45 - 2020-09-21 08:13 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2021-07-25 13:06 - 2020-03-25 16:38 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-07-22 16:17 - 2019-07-14 14:21 - 000000000 ____D C:\Users\User\AppData\Local\NVIDIA
2021-07-20 17:55 - 2021-02-14 13:37 - 000000000 ____D C:\Users\User\AppData\Local\Ubisoft Game Launcher
2021-07-13 21:03 - 2019-07-16 18:43 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
 
==================== Files in the root of some directories ========
 
2021-05-03 22:23 - 2021-05-07 17:36 - 000000205 _____ () C:\Users\User\AppData\Local\oobelibMkey.log
2020-12-01 21:24 - 2020-12-01 21:24 - 000007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2021
Ran by User (12-08-2021 09:43:36)
Running from C:\Users\User\Desktop
Windows 10 Home Version 21H1 19043.1165 (X64) (2021-08-11 13:24:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1800081647-856822976-2045172770-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1800081647-856822976-2045172770-503 - Limited - Disabled)
Guest (S-1-5-21-1800081647-856822976-2045172770-501 - Limited - Disabled)
User (S-1-5-21-1800081647-856822976-2045172770-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1800081647-856822976-2045172770-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Discord (HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.12.8.0 - Logitech Europe S.A.)
Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft Office Home and Student 2019 - en-us (HKLM\...\HomeStudent2019Retail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Oculus (HKLM\...\Oculus) (Version: <3 - Facebook Technologies, LLC)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 77.0.4054.277 (HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\Opera 77.0.4054.277) (Version: 77.0.4054.277 - Opera Software)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.34 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7708 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.2.8 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.8 - VS Revo Group, Ltd.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Spotify (HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\Spotify) (Version: 1.1.65.643.g2d707698 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 118.0.10358 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
VALORANT (HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\ZoomUMX) (Version: 5.7.4 (804) - Zoom Video Communications, Inc.)
 
Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-13] (HP Inc.)
HyperX NGENUITY -> C:\Program Files\WindowsApps\33C30B79.HyperXNGenuity_5.2.0.0_x64__0a78dr3hq0pvt [2021-05-10] (HyperX Gaming) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-24] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-11] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1800081647-856822976-2045172770-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-1800081647-856822976-2045172770-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9dda6a81a12e6ac4\nvshext.dll [2021-07-14] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-12] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-07-14 21:08 - 2019-07-14 21:07 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Oculus\Support\oculus-runtime;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Users\User\AppData\Local\Microsoft\WindowsApps;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1800081647-856822976-2045172770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Downloads\wallpaperflare.com_wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-1800081647-856822976-2045172770-1001\...\StartupApproved\Run: => "CCXProcess"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F22A0FDC-34D6-4EC7-B574-82DA5950DAD7}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FEA21D8E-D09C-4316-97EE-7CE3FD8D8DBF}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B180999D-981A-49C6-AA64-4980298E24B1}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3278E856-B20F-477F-B3DE-9ACD60F392E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0EA0781A-FE0A-4E1D-AD3F-933EB8E7A927}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C226819F-2A43-40BE-9FFE-2529A5ED3298}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{83796848-DC3A-4A1E-B229-B74C9D75FC85}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6F48E83E-43EA-466B-96B8-238828968F1E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{6DD77516-BD7F-4675-BCE0-2B7469AB0F80}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{5F8686D2-9207-4659-9051-09818BEAFEFE}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{AFD596A7-E202-4C3D-82AF-443A8AD1DB3A}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{23607FE5-FBCF-459A-9A71-654D750FC0AA}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{58AFF4C4-AECB-4D41-838E-9735022BDB7A}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{38344D61-94A5-439F-8211-11D44CC00FBA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{F97D2CC3-16F9-49E4-86C9-8C31C327A334}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{4BA66A0B-BD6F-48B4-B40A-85DD2EB4435D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{C755CC49-7F7C-4F79-B712-805958DE9CF8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{44EB40E2-7581-47BD-A0FC-0389B0519921}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{03814757-E35B-4DB6-B44A-C6BB8200AF92}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{C751E426-9F0F-4870-A446-707D9BA221CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BACC4E54-324C-4FF0-98C0-373EAD795CA1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D6628131-9648-4D5C-87F7-62CC07DA9251}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{108880FB-9052-4565-9B6D-E419DBA0DF06}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E5115B3D-230F-47F9-8863-83654118C003}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{7706AAB6-24A6-4285-966D-218AACBD9D5D}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{56DB03A9-9EC4-4D68-8528-76457B298B90}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{B6FC434E-4A96-400F-A140-C22AFCF6AC0F}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{B5F0D349-2A7B-4200-9831-92A29F1E5451}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{9C97EAA6-3EFD-45EE-B4BB-80C61B8C2812}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{FCE9BB82-3146-464A-A544-EE33610E53CE}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Oculus VR, LLC -> )
FirewallRules: [{8D478E6E-3431-48A0-A67A-5AE60C0D2522}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Oculus VR, LLC -> )
FirewallRules: [{39000E8F-085A-4BA9-894E-017113E94CB8}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A03B5D70-EA4E-48BE-AAB7-5C2B913357DD}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F2EC8945-1070-41CC-ABEB-46402DAA5291}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe (Oculus VR, LLC -> Epic Games, Inc.)
FirewallRules: [{95269E6C-1C2B-4AA4-B78B-AC611E7D5715}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe (Oculus VR, LLC -> Epic Games, Inc.)
FirewallRules: [{46C52F69-D8BA-4310-9FD1-2D5AB17C8480}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{51419654-C6A2-4ACB-81C3-7010D88B6784}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{AE8B5745-B3D0-4182-9EEB-C6363ACF2664}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [File not signed]
FirewallRules: [{B32C1183-5031-41E6-AA40-28D29ED9814A}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [File not signed]
FirewallRules: [{B79DE1C9-364F-4F05-992B-B3714FA8E99F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [{FF84FE40-827F-4F67-B4D8-4BFB204D4617}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [{2EF2AC82-2368-4189-BF86-9D94726D6726}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{872AF88D-3CDA-4109-8A0A-5EF12EC03384}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{1E716B21-A84C-405D-9D12-73E626FFF0B0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{0B4EB8E8-76E1-4569-9D38-6BBB4BB3FBCC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{F5E81E7A-9705-45FA-9FB3-FF956B58D9C0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{12D6D9CC-CB11-48C8-BDF2-ABD89501D26D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{8D2EB7C0-3B3B-467B-BBC8-1159C9420EB3}D:\program files\epic games\overcooked2\overcooked2.exe] => (Allow) D:\program files\epic games\overcooked2\overcooked2.exe () [File not signed]
FirewallRules: [UDP Query User{94B62DDC-7AAD-4A1A-8F5F-69F237B651CA}D:\program files\epic games\overcooked2\overcooked2.exe] => (Allow) D:\program files\epic games\overcooked2\overcooked2.exe () [File not signed]
FirewallRules: [TCP Query User{D6D1EBC7-ECC0-49D4-B3ED-A53315B9D9D2}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{B5FB080D-2E35-46C6-BB98-E13B0A951C85}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{A7C1BFA2-F18D-4214-BA6D-EC38C3DD0FCE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B22D441A-F7E0-4044-8252-0EE367FDC812}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C1388B1A-F85F-4419-B0A7-C43B3F0CA5CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6EC7C93E-7540-475A-88C4-6ED8D9372E88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{9F1FC320-F0A1-4409-ADDA-D077A1B88F69}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{A5CACE2B-4F80-4620-8711-363ECA1F3DF6}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{65113FDA-2B99-4C72-919A-BB9077EB14E9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{69B92390-FDE3-4799-AE11-B10981533533}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{8DFC869D-CAAF-4CFE-A910-FEC0306FF5CF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{75B5AE24-FCB4-4E80-9495-4B6C0D99C659}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{E2F44064-B81B-4490-AC58-A670C6DDAE9A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{A8AD8A4F-687F-4354-B54C-950F124A2A62}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{8A5E30E3-0E59-4880-ACE3-E467DCE8B032}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
11-08-2021 21:29:50 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/12/2021 12:01:33 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/12/2021 12:01:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b078cf45-d4dc-4739-a30a-f04e6f46d3f8}
 
Error: (08/11/2021 09:31:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (08/11/2021 09:31:29 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/11/2021 09:31:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (08/11/2021 09:31:29 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/11/2021 09:19:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The ESENT error was: -1409.
 
 
System errors:
=============
Error: (08/12/2021 09:40:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (08/12/2021 09:40:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (08/12/2021 09:40:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Chroma SDK Server service terminated unexpectedly. It has done this 1 time(s).
 
Error: (08/12/2021 09:40:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (08/12/2021 09:40:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Logitech Video Camera Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (08/12/2021 09:40:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Chroma SDK Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (08/12/2021 09:40:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (08/12/2021 12:01:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2021-08-11 21:30:55
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.90 02/23/2016
Motherboard: MSI B150A GAMING PRO (MS-7978)
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 49%
Total physical RAM: 8136 MB
Available physical RAM: 4140.01 MB
Total Virtual: 17864 MB
Available Virtual: 12184.6 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:222.46 GB) (Free:101.3 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.5 GB) (Free:719.79 GB) NTFS
 
\\?\Volume{89272b00-7fc7-4e00-bbd2-f6f54a028674}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{b1675ca1-d43d-421d-90ae-dfe1485612ba}\ () (Fixed) (Total:0.56 GB) (Free:0.08 GB) NTFS
\\?\Volume{89c7d842-2982-45a2-bfa1-e640c8ff006e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0

#12
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Your logs are clean.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

#13
icekite


    New Member

  • Topic Starter
  • Member
  • 8 posts
# Run at 12/8/2021 5:06:03 PM
# KpRm (Kernel-panik) version 2.9.2
# Run by User from C:\Users\User\Desktop
# Computer Name: DESKTOP-JNRBSRR
# OS: Windows 10 X64 (19043) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\User\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2021-08-12-17-06-03
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\User\Desktop\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## FRST
     [OK] C:\Users\User\Desktop\Addition.txt deleted
     [OK] C:\Users\User\Desktop\Fixlog.txt deleted
     [OK] C:\Users\User\Desktop\FRST.txt deleted
     [OK] C:\Users\User\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named Windows Modules Installer created at 08/11/2021 13:29:50 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 08/12/2021 09:06:17
 
-- KPRM finished in 29.95s --
 

  • 0

#14
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Everything looks good.  :yes: 

Now that your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third-party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Keep this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have the built-in Windows 10 antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.



I'm glad I was able to help you.
 


  • 0

#15
icekite


    New Member

  • Topic Starter
  • Member
  • 8 posts

Thank youuuu so much for the help!  :D


  • 1





