
Possible Malware [Solved]



#1
Eldon123

  • Member
  • 31 posts

I was recently looking for an addon for a game I play and came across a website that I thought was fine. I clicked on the website called bestwowaddons and it immediately redirected me to another website called tuies.xyz. The website asked me to update my chrome and had a link button but I just closed out the tab. After that I went and scanned my pc with malwarebytes, mbar from norton and eset online scanner. None of the scans detected any threats but I'm still worried cause when I first installed eset online scanner it would open then close the program and I had to restart my pc to get it to work. I have to go to work in an hr and I won't be home until later tonight. I will reply to the topic tomorrow when I wake up. Thanks a bunch and have a good day!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2021
Ran by Dohnovan (administrator) on DESKTOP-LBHF8BQ (Micro-Star International Co., Ltd MS-7A38) (04-10-2021 14:14:20)
Running from C:\Users\Dohnovan\Downloads
Loaded Profiles: Dohnovan
Platform: Windows 10 Home Version 20H2 19042.1237 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adlice -> ) C:\Program Files\UCheck\UCheck64.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe
(Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0371621.inf_amd64_f6054ee530919325\B371622\atieclxx.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0371621.inf_amd64_f6054ee530919325\B371622\atiesrxx.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(BrightFort LLC -> ) C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe <2>
(Discord Inc. -> Discord Inc.) C:\Users\Dohnovan\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19>
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.9022.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.9022.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>
(The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngineProcess.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesGG.exe [14546768 2021-09-08] (SteelSeries ApS -> SteelSeries ApS)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [70858912 2021-07-15] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282600 2021-09-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3522168 2021-09-16] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Discord] => C:\Users\Dohnovan\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11223920 2021-07-06] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3522168 2021-09-16] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.61\Installer\chrmstp.exe [2021-09-24] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\94.1.30.87\Installer\chrmstp.exe [2021-10-01] (Brave Software, Inc. -> Brave Software, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {003F3181-A20A-4D6E-AF07-3F433F29B336} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [63960 2021-09-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {08E5B611-4DA5-4724-BF5F-CEB73F9E0C7D} - System32\Tasks\SSAudioSvc64Run => C:\Program Files\Steelseries\SS Audio\Foundation\x64\SSAudioSvc64.exe [797088 2020-01-08] (A-Volute -> )
Task: {0E5910AF-1715-4EAC-B195-D681FFD5A83F} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1717720 2021-09-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {2375A8AC-D351-4C27-A84C-B2A4999986C7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {237AC036-8D6E-419A-8CEC-C9065BDF0DFA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2AFE60A3-3C00-4AF5-BFF5-8D96C9C8F860} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {410227B3-2D72-4BD0-84E4-4510B87BEE40} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dohnovan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-10-03] (ESET, spol. s r.o. -> ESET)
Task: {45759402-4A81-4698-B19A-AC3847C58764} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [269272 2021-09-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {46C985FF-E8CD-47E1-B79E-C8BED82C0F88} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B6602AC-DE36-4E1E-9812-98B2BA5145F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {534D2581-6C13-42B2-AED8-659003D3FD3D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {568E4EEF-5E99-4C66-B8E9-DA74BFF2DCA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {57D400E4-1AED-4949-8A64-6154CB072473} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1717720 2021-09-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {66129C80-EAB0-4B1D-9A56-5CFE8ACA6EDF} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [63960 2021-09-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {72272DFC-049E-46D5-8C98-9563407B5D9D} - System32\Tasks\SSAudioSvc32Run => C:\Program Files\Steelseries\SS Audio\Foundation\SSAudioSvc32.exe [1299872 2020-01-08] (A-Volute -> )
Task: {77912C4C-1924-46CA-A4DA-2D80B75DE78D} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dohnovan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-10-03] (ESET, spol. s r.o. -> ESET)
Task: {7D484749-46DF-40A9-AF50-007BE595726C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {9449CE46-5A5A-4AE1-A155-33ACE9FFE2A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ABF9D64A-DDE5-4C3A-B43D-BF44BA7F0D77} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1717720 2021-09-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {AD1F8BF8-F4D4-4936-8EDC-48A7BE2F253C} - System32\Tasks\StartAUEP => C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [620504 2021-09-10] (Advanced Micro Devices Inc. -> AMD)
Task: {BC2173B5-C39F-40B2-99E4-F41B28F26961} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BDA358F7-FD10-4FAB-A724-6CE5B18B18B1} - System32\Tasks\UCheck => C:\Program Files\UCheck\UCheck64.exe [29145424 2021-06-15] (Adlice -> )
Task: {C7F9C868-C3E7-41C8-A0F4-32BE030F840C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E6184A99-7DEE-4300-B4FF-27848FA6AA86} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [358912 2021-09-10] (Advanced Micro Devices, Inc.) [File not signed]
Task: {EF2510AF-C11A-4F06-845C-2D10CBD72D75} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F7C11E4D-8953-4DE9-983A-948111C8C52C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1a8f5a04-83c8-490b-b4bc-64e8c2c6fd6d}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1cd6b0cf-5059-4ef2-9609-a8d02c0c81b4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3c01823b-a919-4197-a2ce-b7ef6cd5d03a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{57a5de9c-d2e2-48be-96b9-44b1389dcc84}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8f09853e-c450-47d3-b7bc-5aedbe848278}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{dad6bf82-733a-495c-84a7-154afa6ad446}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e0510115-42dc-46d8-842a-cc54eeda8aa9}: [DhcpNameServer] 10.0.1.1
 
Edge: 
=======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12]
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (AdGuard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-26]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-05-26]
Edge Extension: (AdGuard AdBlocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2021-06-23]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default [2021-10-04]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR Extension: (Slides) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-14]
CHR Extension: (Docs) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-14]
CHR Extension: (Google Drive) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-14]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-02]
CHR Extension: (Sheets) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]
CHR Extension: (MetaMask) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-09-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-24]
 
Brave: 
=======
BRA Profile: C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-08-29]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-08-29]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-08-29]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-08-29]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-08-29]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-08-29]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe [511448 2021-09-10] (Advanced Micro Devices Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2021-08-22] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-08-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5117648 2021-07-13] (SurfRight B.V. -> SurfRight B.V.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-05] (Malwarebytes Inc -> Malwarebytes)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-28] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-06-25] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294520 2021-09-16] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533824 2021-08-30] (Razer USA Ltd. -> Razer Inc.)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [31568 2021-09-08] (SteelSeries ApS -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [41376 2021-07-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S2 AMDRyzenMasterDriverV19; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [43336 2021-07-07] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_50fee1227e96ec14\amdsafd.sys [100792 2021-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0371621.inf_amd64_f6054ee530919325\B371622\amdkmdag.sys [80473616 2021-09-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [410640 2021-07-13] (Microsoft Windows Hardware Compatibility Publisher -> SurfRight B.V.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-31] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl927b4999; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55BDAEB2-2527-48D0-99B3-8A3745A83E92}\MpKslDrv.sys [130296 2021-10-04] (Microsoft Windows -> Microsoft Corporation)
R1 ndextlag; C:\WINDOWS\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_024e; C:\WINDOWS\System32\drivers\RzDev_024e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [135688 2016-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48848 2020-09-25] (SteelSeries ApS -> SteelSeries ApS)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-02-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S2 AMDRyzenMasterDriverV17; \??\C:\Program Files\AMD\CNext\CNext\AMDRyzenMasterDriver.sys [X]
S3 cpuz149; \??\C:\Users\Dohnovan\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-10-04 14:14 - 2021-10-04 14:16 - 000027002 _____ C:\Users\Dohnovan\Downloads\FRST.txt
2021-10-04 14:13 - 2021-10-04 14:13 - 000000000 ____D C:\Users\Dohnovan\Downloads\FRST-OlderVersion
2021-10-04 14:12 - 2021-10-04 14:15 - 000000000 ____D C:\FRST
2021-10-04 14:11 - 2021-10-04 14:13 - 002308096 _____ (Farbar) C:\Users\Dohnovan\Downloads\FRST64.exe
2021-10-04 08:21 - 2021-10-04 08:21 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\64359530.sys
2021-10-04 08:01 - 2021-10-04 08:01 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2021-10-04 08:01 - 2021-10-04 08:01 - 000003870 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-10-04 08:01 - 2021-10-04 08:01 - 000003428 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-10-03 22:42 - 2021-10-03 22:42 - 000001282 _____ C:\Users\Dohnovan\Desktop\ESET Online Scanner.lnk
2021-10-03 22:38 - 2021-10-03 22:38 - 000003084 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-10-03 22:16 - 2021-10-03 22:16 - 011697056 _____ (ESET) C:\Users\Dohnovan\Downloads\esetonlinescanner (2).exe
2021-10-03 22:03 - 2021-10-03 22:03 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\ESET
2021-10-03 21:00 - 2021-10-03 21:00 - 000071445 _____ C:\Users\Dohnovan\Downloads\Postal-v3.4.0.zip
2021-09-27 12:53 - 2021-09-27 12:53 - 000025404 _____ C:\Users\Dohnovan\Downloads\BindPad_2.2.4.zip
2021-09-27 11:29 - 2021-09-27 11:29 - 000310225 _____ C:\Users\Dohnovan\Downloads\OA_-_Nations_Benefits_-_Wave_1.pdf
2021-09-27 11:27 - 2021-09-27 11:27 - 000340116 _____ C:\Users\Dohnovan\Downloads\Enterprise_-_OA_Wave_2_2021.pdf
2021-09-27 11:22 - 2021-09-27 11:22 - 000336860 _____ C:\Users\Dohnovan\Downloads\Payroll_-_OA_Wave_2_2021.pdf
2021-09-27 11:09 - 2021-09-27 11:09 - 000509171 _____ C:\Users\Dohnovan\Downloads\GBA_GUIDEBOOK.pdf
2021-09-24 12:28 - 2021-09-24 12:28 - 001190701 _____ C:\Users\Dohnovan\Downloads\Goodwill Employee Handbook - Final 1-30-2020 (1).pdf
2021-09-23 16:57 - 2021-09-23 16:57 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-09-22 14:36 - 2021-09-22 14:36 - 000003304 _____ C:\WINDOWS\system32\Tasks\StartCNBM
2021-09-22 14:36 - 2021-09-22 14:36 - 000003200 _____ C:\WINDOWS\system32\Tasks\StartAUEP
2021-09-22 14:30 - 2021-10-03 22:38 - 000003124 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-09-22 14:29 - 2021-09-22 14:29 - 000003488 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2021-09-22 14:29 - 2021-09-22 14:29 - 000003080 _____ C:\WINDOWS\system32\Tasks\StartDVR
2021-09-22 14:29 - 2021-09-22 14:29 - 000002620 _____ C:\WINDOWS\system32\Tasks\AMDRyzenMasterSDKTask
2021-09-22 14:29 - 2021-09-22 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2021-09-22 14:29 - 2021-09-22 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Link For Windows
2021-09-22 14:29 - 2021-09-22 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2021-09-22 14:28 - 2021-09-22 14:28 - 000003160 _____ C:\WINDOWS\system32\Tasks\StartCN
2021-09-22 14:28 - 2021-09-22 14:28 - 000000000 ____D C:\Users\Dohnovan\AppData\LocalLow\AMD
2021-09-22 14:17 - 2021-09-10 17:19 - 001869320 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-09-22 14:17 - 2021-09-10 17:19 - 001869320 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-09-22 14:17 - 2021-09-10 17:19 - 001448968 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-09-22 14:17 - 2021-09-10 17:19 - 001448968 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-09-22 14:17 - 2021-09-10 17:19 - 001107184 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 001107184 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000959872 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000959872 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000797192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000674304 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000557568 _____ C:\WINDOWS\system32\GameManager64.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000500736 _____ C:\WINDOWS\system32\dgtrayicon.exe
2021-09-22 14:17 - 2021-09-10 17:19 - 000491536 _____ C:\WINDOWS\system32\EEURestart.exe
2021-09-22 14:17 - 2021-09-10 17:19 - 000418832 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000344080 _____ C:\WINDOWS\system32\clinfo.exe
2021-09-22 14:17 - 2021-09-10 17:19 - 000201728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000181264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000178704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000166928 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000158224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000142864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000141328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000091136 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000075792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000047120 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000044040 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000019936 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2021-09-22 14:17 - 2021-09-10 17:19 - 000019928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 084036616 _____ C:\WINDOWS\system32\amd_comgr.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 069085184 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 001395200 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 001395200 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000942096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000846352 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2021-09-22 14:17 - 2021-09-10 17:18 - 000769552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000524808 _____ C:\WINDOWS\system32\atieah64.exe
2021-09-22 14:17 - 2021-09-10 17:18 - 000468984 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000466952 _____ C:\WINDOWS\system32\amdlogum.exe
2021-09-22 14:17 - 2021-09-10 17:18 - 000393208 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2021-09-22 14:17 - 2021-09-10 17:18 - 000260624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000219664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000193440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000157360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000150520 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000139728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000139256 _____ C:\WINDOWS\system32\atidxx64.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000137728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000133632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000131584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000113152 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000111088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000110080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2021-09-22 14:17 - 2021-09-10 17:18 - 000070656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 069809168 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 001689408 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 001368240 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 000557584 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 000535552 _____ C:\WINDOWS\system32\amdmiracast.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 000420880 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 000150064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 000139704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 000125584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2021-09-22 14:17 - 2021-09-10 17:17 - 000111072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2021-09-22 14:17 - 2021-09-10 13:45 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2021-09-22 14:17 - 2021-09-10 13:45 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2021-09-22 14:17 - 2021-09-10 13:38 - 058201176 _____ C:\WINDOWS\system32\amdxc64.so
2021-09-22 14:17 - 2021-09-10 12:36 - 000562656 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2021-09-22 14:17 - 2021-09-10 12:36 - 000562656 _____ C:\WINDOWS\system32\atiapfxx.blb
2021-09-22 14:17 - 2021-08-02 23:55 - 000246200 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
2021-09-19 18:03 - 2021-09-19 18:03 - 000526279 _____ C:\Users\Dohnovan\Downloads\Icicle.rar
2021-09-14 23:23 - 2021-10-03 22:22 - 000000075 _____ C:\Users\Dohnovan\Desktop\settings.sav
2021-09-14 23:14 - 2021-09-14 23:14 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-14 23:14 - 2021-09-14 23:14 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-14 23:14 - 2021-09-14 23:14 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-14 23:14 - 2021-09-14 23:14 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-14 23:14 - 2021-09-14 23:14 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-14 23:13 - 2021-09-14 23:13 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-14 23:13 - 2021-09-14 23:13 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-14 23:13 - 2021-09-14 23:13 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-14 23:13 - 2021-09-14 23:13 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-14 23:13 - 2021-09-14 23:13 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-14 23:13 - 2021-09-14 23:13 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-14 23:13 - 2021-09-14 23:13 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-14 23:13 - 2021-09-14 23:13 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-14 23:13 - 2021-09-14 23:13 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-14 23:12 - 2021-09-14 23:12 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-14 23:12 - 2021-09-14 23:12 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-14 23:12 - 2021-09-14 23:12 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-14 23:12 - 2021-09-14 23:12 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-14 23:12 - 2021-09-14 23:12 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-14 23:12 - 2021-09-14 23:12 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-14 22:42 - 2021-09-14 22:42 - 000000000 ___HD C:\$WinREAgent
2021-09-10 14:48 - 2021-09-10 14:48 - 000000030 _____ C:\Users\Dohnovan\Desktop\work.txt
2021-09-07 13:25 - 2021-09-07 13:25 - 000002572 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harver System Checker.lnk
2021-09-07 13:25 - 2021-09-07 13:25 - 000002564 _____ C:\Users\Dohnovan\Desktop\Harver System Checker.lnk
2021-09-07 13:25 - 2021-09-07 13:25 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\@harver
2021-09-07 13:25 - 2021-09-07 13:25 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\@harversaas-diagnostic-app-updater
2021-09-06 14:49 - 2021-09-06 14:49 - 012430284 _____ C:\Users\Dohnovan\Downloads\DBM-Warmane-main.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-10-04 14:17 - 2021-03-23 18:05 - 000000000 ____D C:\ProgramData\TEMP
2021-10-04 14:01 - 2020-06-18 15:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-04 14:01 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-04 13:41 - 2020-12-09 20:01 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\discord
2021-10-04 13:39 - 2021-07-15 19:23 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Discord
2021-10-04 13:26 - 2018-01-14 11:41 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-04 09:30 - 2021-05-31 15:23 - 000000000 ____D C:\Users\Dohnovan\Desktop\mbar
2021-10-04 09:30 - 2019-04-05 09:21 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-10-03 22:49 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-03 22:49 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-03 22:42 - 2019-06-20 10:43 - 000001388 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-10-03 22:41 - 2018-04-14 10:45 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\CrashDumps
2021-10-03 22:37 - 2020-06-18 14:32 - 000000000 ____D C:\Users\Dohnovan
2021-10-03 22:36 - 2020-06-18 16:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-03 22:36 - 2020-06-18 15:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-03 22:25 - 2020-06-18 15:39 - 000436016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-03 22:25 - 2019-06-19 15:54 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-10-03 22:24 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-10-03 22:24 - 2017-04-11 10:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-10-03 22:22 - 2021-08-10 12:24 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\steelseries-gg-client
2021-10-03 21:01 - 2020-06-03 11:41 - 000000000 ____D C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a
2021-10-03 19:01 - 2017-12-08 22:06 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-03 08:17 - 2020-06-13 10:56 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-03 08:17 - 2020-06-13 10:56 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-02 08:53 - 2020-11-02 10:08 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA1d6b1325f7ebb04
2021-10-02 08:53 - 2020-11-02 10:07 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b1323b307d96
2021-10-01 16:07 - 2020-09-19 15:59 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-10-01 16:07 - 2020-09-19 15:59 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2021-09-30 14:21 - 2020-06-18 16:04 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-30 14:21 - 2020-06-18 16:04 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-29 08:10 - 2018-03-13 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-09-27 15:52 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-26 20:19 - 2020-06-18 16:04 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2108490749-413910539-1021375685-1003
2021-09-26 20:19 - 2020-06-18 14:32 - 000002395 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-26 18:46 - 2020-06-18 15:49 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-24 17:23 - 2018-05-21 16:36 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\D3DSCache
2021-09-24 06:10 - 2018-01-14 11:42 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-24 06:10 - 2018-01-14 11:42 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-23 16:57 - 2021-08-18 09:59 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\Zoom
2021-09-22 14:36 - 2020-06-03 15:42 - 000000000 ____D C:\WINDOWS\system32\AMD
2021-09-22 14:36 - 2018-05-21 16:18 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\AMD
2021-09-22 14:35 - 2021-07-15 19:24 - 000002249 _____ C:\Users\Dohnovan\Desktop\Discord.lnk
2021-09-22 14:35 - 2017-04-11 10:20 - 000000000 ____D C:\Program Files\AMD
2021-09-22 14:17 - 2017-04-11 10:20 - 000000000 ____D C:\AMD
2021-09-17 17:30 - 2021-01-04 11:37 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\AMD_Common
2021-09-15 14:10 - 2017-04-07 15:15 - 000000000 ____D C:\Program Files\Microsoft Office
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-14 23:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-14 23:25 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-14 23:22 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-14 22:40 - 2017-12-09 11:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-14 22:37 - 2017-12-09 11:40 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-10 17:18 - 2021-07-09 17:22 - 000109520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
2021-09-10 17:18 - 2021-07-09 17:09 - 001537024 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiacm64.dll
2021-09-10 17:18 - 2020-06-03 14:27 - 001848320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2021-09-10 17:18 - 2020-06-03 14:27 - 000202696 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2021-09-10 17:18 - 2020-06-03 14:27 - 000170232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2021-09-10 17:18 - 2020-06-03 14:27 - 000113664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2021-09-10 14:21 - 2021-03-30 11:35 - 002443328 _____ (AMD Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe
2021-09-10 10:57 - 2018-04-19 16:31 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2021-09-10 10:54 - 2017-04-07 15:10 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-10 09:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-08 11:11 - 2017-12-13 05:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
 
==================== Files in the root of some directories ========
 
2021-03-01 20:52 - 2021-03-08 23:19 - 000007598 _____ () C:\Users\Dohnovan\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2021
Ran by Dohnovan (04-10-2021 14:18:11)
Running from C:\Users\Dohnovan\Downloads
Windows 10 Home Version 20H2 19042.1237 (X64) (2020-06-18 22:05:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2108490749-413910539-1021375685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2108490749-413910539-1021375685-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2108490749-413910539-1021375685-1002 - Limited - Disabled)
Dohnovan (S-1-5-21-2108490749-413910539-1021375685-1003 - Administrator - Enabled) => C:\Users\Dohnovan
Guest (S-1-5-21-2108490749-413910539-1021375685-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2108490749-413910539-1021375685-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version:  - )
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.9.1 - Advanced Micro Devices, Inc.)
APOInstallerMSISetup (HKLM\...\{5C4734F8-9AF3-4324-A36E-DC147853B2F5}) (Version: 1.2.1101 - Steelseries) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{C9BA81B6-4A0F-454A-B331-81A45A57573E}) (Version: 1.2.1101 - Steelseries) Hidden
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
Black Desert (HKLM-x32\...\BlackDesert_NA_is1) (Version: 1.0 - PearlAbyss Corp.)
Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 94.1.30.87 - Brave Software Inc)
Discord (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Discord) (Version: 1.0.9002 - Discord Inc.)
ExitLag version 4.183 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4.183 - ExitLag)
FINAL FANTASY XIV ONLINE (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.6.1.0 - miHoYo Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.61 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Harver System Checker 2.0.6 (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\57ba83c7-44cc-50c5-93e2-68092ebb1ce7) (Version: 2.0.6 - Harver)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.14.907 - SurfRight B.V.)
Intel® Wireless Bluetooth® (HKLM-x32\...\{0E13241D-76B0-4A4C-9665-3969F55C08D5}) (Version: 19.40.1702.1091 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{263d87d0-9772-40be-ab36-eabbdbff49f7}) (Version: 21.20.1 - Intel Corporation)
Malwarebytes version 4.4.2.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.38 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 94.0.992.31 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
ProductDaemonSetup (HKLM\...\{C31282E4-C1A3-433C-A803-D9ED4A99DC8F}) (Version: 1.2.1101 - Steelseries) Hidden
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.21.1 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0920.091710 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Revo Uninstaller 2.2.8 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.8 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
RyzenMasterSDK (HKLM\...\{36366F19-5CCC-46DF-81CC-89E4EAC2A6E1}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SSAudio (HKLM-x32\...\{1c112a1f-1120-415d-85ab-7a3de5b0a9c2}) (Version: 1.2.1101 - Steelseries)
SSAudioDaemonMSISetup (HKLM\...\{CDEA766D-38C5-448B-8316-02D01C842E1E}) (Version: 1.2.1101 - Steelseries) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 8.0.0 (HKLM\...\SteelSeries Engine 3) (Version: 8.0.0 - SteelSeries ApS)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1220 - SUPERAntiSpyware.com)
The Witcher 3 Mod Manager (HKLM\...\{B8F09437-C8B5-4DFD-B655-C93E8C05A8DE}) (Version: 0.6.4 - stefan3372)
UCheck version 4.0.6.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 4.0.6.0 - Adlice Software)
ULauncher (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\ULauncher) (Version: 0.33.52 - uwow.biz)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)
 
Packages:
=========
9 zip -> C:\Program Files\WindowsApps\184MagikHub.9zip_3.3.75.0_x64__hvr7qkvwfhvx6 [2020-07-19] (Magik Hub) [MS Ad]
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12] (eyeo GmbH)
AdGuard AdBlocker -> C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11] (Performix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.8.33.0_x86__kgqvnymyfvs32 [2021-08-26] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.203.500.0_x86__kgqvnymyfvs32 [2021-10-01] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_6.2.17.0_x86__h6adky7gbf63m [2021-09-13] (Gameloft SE)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.44.4400.0_x86__ytsefhwckbdv6 [2021-10-01] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_131.1.242.0_x64__v10z8vjag6ke6 [2021-09-24] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.9.13.0_x86__h6adky7gbf63m [2021-10-01] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.17.3202.0_x64__8wekyb3d8bbwe [2021-10-01] (Microsoft Studios)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-05] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-12-09] (Plex)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-12-27] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2021-07-13] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-09-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-04-21 03:53 - 2021-04-21 03:53 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2021-07-07 06:37 - 2021-07-07 06:37 - 000562688 _____ (Advanced Micro Devices) [File not signed] C:\Program Files\AMD\CNext\CNext\Device.dll
2021-07-07 06:37 - 2021-07-07 06:37 - 000058880 _____ (Advanced Micro Devices) [File not signed] C:\Program Files\AMD\CNext\CNext\Platform.dll
2021-09-10 14:42 - 2021-09-10 14:42 - 001711616 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2017-09-05 00:15 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\AMD\CNext\CNext\D3DCompiler_47.dll
2020-04-19 10:41 - 2020-04-19 10:41 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-19 10:41 - 2020-04-19 10:41 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 001455104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000123392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 001128448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000334336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000290816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000336896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000134144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-04-21 03:53 - 2021-04-21 03:53 - 000093184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-30] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 6091 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 15:03 - 2020-12-29 17:04 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\Dohnovan\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
Network Binding:
=============
Bluetooth Network Connection: ExitLag Game Booster -> nt_ndextlag (enabled) 
Wi-Fi: ExitLag Game Booster -> nt_ndextlag (enabled) 
Local Area Connection: ExitLag Game Booster -> nt_ndextlag (enabled) 
Ethernet 2: ExitLag Game Booster -> nt_ndextlag (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "OPENVPN-GUI"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F0412D97-2B69-47C9-BBFB-2ED8469D7CE2}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [{54B9FF3F-545D-4E04-86D8-EA8F5621F500}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [UDP Query User{A0E149A6-970C-44C4-AFFC-02FC91A4CB96}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [TCP Query User{C8177E75-DFAB-46C2-B950-CE420F73D664}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [{E246DB11-0299-4E9E-BAF1-F9600C9E1E87}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F01FBF58-567C-4C2D-9E09-69501E7126D0}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{0C6F481E-F930-4C76-AE5C-202166C80AE3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{3A8F03ED-1DF4-4EFC-AB24-470F3D8E2A04}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A73A6A68-3D6E-4ACB-BB1C-69891D2BC2E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D98FA1A5-1463-4F80-B944-62DCFE82B0DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{21FC1428-1EFB-47FF-BF78-DB5B1945382E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A8E5B1A0-6D7D-4D9C-96E1-B72039726CC2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3D351B8C-C55C-4E63-8639-18CAD54C17A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{F51AAC48-DBDB-4C61-8F51-A45DA1FA8EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{8D6BD339-6DB0-4B01-B064-950E1CB534FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{D37551E3-AE21-495A-90C1-0CE6907D3259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{F2E459D0-8C52-44F9-B805-AFDA263B500D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{AE0EC883-ECC1-4257-9241-1C9586835901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{2C813A9F-F998-4D44-8B34-6963CF481A47}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{355EBCE9-2330-4B92-8E46-C7C76C402DA4}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{4F7CACBF-BBB5-428E-B6EE-D1163044D084}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{31B319D4-01B2-48FE-81A7-51110CE771B7}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{732F52FA-463B-4228-8163-A5EC1E0B8C73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{50E286A9-EC43-4A42-82B3-B541B6893C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{1F8ED8C6-7BC4-4A9D-A0C4-CB325EFD5D6B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{10E915F4-B060-41ED-9099-5EF5FEDC51B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{A1107BB9-D07D-4538-921E-DD81D2AEECB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{DCD1F17A-2BEB-42E9-AC79-2A27FFA26A0E}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher.exe => No File
FirewallRules: [{C4CC9AC9-07BD-47C8-8259-C0203C0F8F96}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher.exe => No File
FirewallRules: [{BCAA2A6E-48D3-4CDA-948C-91ED4C30BEEF}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher-64.exe => No File
FirewallRules: [{59194558-1F74-47C0-A292-E4C268CE4DE2}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher-64.exe => No File
FirewallRules: [{DF89A7C7-70CA-43B2-89FA-5ACD631CC317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{47E669C5-EA82-4003-BFAA-1B77955F294F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{0E651DF0-62D3-41D5-B039-3C42CE903B96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 3\OakGame\Binaries\Win64\Borderlands3.exe (Gearbox Software, L.L.C. -> Gearbox Software)
FirewallRules: [{0E3D7240-E0CA-4AD9-AB7E-83B299E16D7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 3\OakGame\Binaries\Win64\Borderlands3.exe (Gearbox Software, L.L.C. -> Gearbox Software)
FirewallRules: [{FE841FE0-AF52-4F88-BAD3-FC27B3BBE355}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe => No File
FirewallRules: [{2B60EF73-79AF-4C30-B219-5C308A76B9A8}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe => No File
FirewallRules: [TCP Query User{AAE24D0B-66E4-4DBF-9D11-BDB5DA9EBBC4}C:\nexon\library\vindictus\appdata\en-us\vindictus.exe] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [UDP Query User{06001795-8783-4528-BC5A-AFC3D003C53F}C:\nexon\library\vindictus\appdata\en-us\vindictus.exe] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [{0D5E5246-A81D-468F-9430-DFC8227F37BF}] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [{B909D68E-397F-4B5F-BF10-32E134BD926D}] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [{54ABB1D1-2DBD-4DA9-BE0E-58C743F320FF}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{D83A3869-F28B-4A4C-B367-B9F8F6B62C4D}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{69712494-47AF-4F6B-81B1-D640176259B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam\nxsteam.exe => No File
FirewallRules: [{48BA3E5F-AFA4-43B6-9E64-80C5BA70286F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam\nxsteam.exe => No File
FirewallRules: [{1BE0A6A0-5613-4700-829E-225605C5D1E7}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{E2421D3E-73BD-4E25-9656-92F5F49738FB}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{91B94865-65B7-45CA-AF9E-44B3023CB9CC}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{5E6DF25B-EE60-4F06-B08B-00004B89EB93}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{E5143819-BFC2-4C59-9BAD-1344103E4AD5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{FF3D1063-02E7-4038-8B96-7596039786DD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{39B48F71-0830-42FC-A13A-0F698E6A8A87}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C4B794D-4AB7-4578-9BD7-26297A3C9E24}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AD13146-2654-4E80-8E3E-3D2E9B62E6EA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DB8FEBBB-6628-47F5-803B-46B0F78DE4C4}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8DF02C6B-D5E9-434A-9987-D9A1544C024B}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{188F4C79-E313-408E-9BC2-9A8627714F05}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{093A4023-8BA4-40A8-937A-7E3E26A36939}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{DBF7A4A0-370F-475C-AD48-E9EB329F39A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{2646AFA2-162E-42A1-80E5-8FCE3C4E271C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{63CB26E2-BC63-42BC-A5D0-0E12FF443786}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{5E207D8B-3BCE-4A94-A395-EDB08807843E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{25CCACBF-D00F-4DE0-8FDF-ED1A812FAADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{3351BAF1-BD8E-4881-9C12-D3FEA0E049E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{C352B958-6E94-40B3-88AF-A69CC8BF5CB5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{68C81444-1097-4A61-ACE3-076398183070}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\94.0.992.31\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9BD8C418-A5C0-4B11-AFF4-4F757DB64AC0}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Restore Points =========================
 
22-09-2021 14:21:16 Radeon Installer
29-09-2021 16:35:08 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/03/2021 10:41:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002e1a4c
Faulting process id: 0x1b90
Faulting application start time: 0x01d7b8d989824976
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 65742a4b-25ef-48e1-b6d3-61ff9cdc751f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/03/2021 10:11:14 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (10/03/2021 09:33:53 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (10/02/2021 03:41:56 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (09/26/2021 09:47:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (09/23/2021 05:38:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 5ddc
 
Start Time: 01d7b0d11355b458
 
Termination Time: 11
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a\Wow.exe
 
Report Id: 2e450f56-81af-417c-9795-4627381b1e41
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (09/22/2021 02:16:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 36d4
 
Start Time: 01d7afdfcd362676
 
Termination Time: 8
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a\Wow.exe
 
Report Id: 47de8a7b-9ce8-446f-84bb-2e5124bb6027
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (09/22/2021 12:29:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 731c
 
Start Time: 01d7afdabfb115fa
 
Termination Time: 7
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a\Wow.exe
 
Report Id: 92e2eab5-82ba-40f9-b8ac-5f0c2c9b6fa1
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
 
System errors:
=============
Error: (10/03/2021 10:44:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (10/03/2021 10:44:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
Error: (10/03/2021 10:44:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (10/03/2021 10:44:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
Error: (10/03/2021 10:44:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (10/03/2021 10:44:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
Error: (10/03/2021 10:44:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (10/03/2021 10:44:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
================
Date: 2021-10-04 12:12:30
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-10-03 12:35:13
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-10-02 15:08:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-10-01 12:33:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-29 15:28:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2020-12-31 15:28:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-31 04:40:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.51 05/02/2017
Motherboard: Micro-Star International Co., Ltd B350M BAZOOKA (MS-7A38)
Processor: AMD Ryzen 5 1400 Quad-Core Processor 
Percentage of memory in use: 74%
Total physical RAM: 8144.69 MB
Available physical RAM: 2088.58 MB
Total Virtual: 14800.69 MB
Available Virtual: 3366.68 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:219.18 GB) NTFS
Drive d: (Windows) (RAMDisk) (Total:930.91 GB) (Free:219.16 GB) NTFS
 
\\?\Volume{34b487b2-1f24-455b-888b-88fe24145180}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{7c6e70a3-6b38-47db-a32a-880393128539}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA58450)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

Edited by Eldon123, 04 October 2021 - 02:31 PM.

  • 0



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Eldon123.
 
Glad to see you again. :)
 
I will review your logs and be back as soon as I can.
 
Meanwhile, remember our basic rules here.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 


  • 0

#3
DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Eldon.
 
I don't see anything malicious in these logs.
 
However, let's do some tidying up and ensure that everything is clean. First, please move the FRST tool from your Downloads folder onto your Desktop.

 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S2 AMDRyzenMasterDriverV17; \??\C:\Program Files\AMD\CNext\CNext\AMDRyzenMasterDriver.sys [X]
S3 cpuz149; \??\C:\Users\Dohnovan\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL = 
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Gyazo"
FirewallRules: [{F0412D97-2B69-47C9-BBFB-2ED8469D7CE2}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [{54B9FF3F-545D-4E04-86D8-EA8F5621F500}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [UDP Query User{A0E149A6-970C-44C4-AFFC-02FC91A4CB96}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [TCP Query User{C8177E75-DFAB-46C2-B950-CE420F73D664}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [{3D351B8C-C55C-4E63-8639-18CAD54C17A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{F51AAC48-DBDB-4C61-8F51-A45DA1FA8EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{10E915F4-B060-41ED-9099-5EF5FEDC51B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{A1107BB9-D07D-4538-921E-DD81D2AEECB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{DCD1F17A-2BEB-42E9-AC79-2A27FFA26A0E}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher.exe => No File
FirewallRules: [{C4CC9AC9-07BD-47C8-8259-C0203C0F8F96}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher.exe => No File
FirewallRules: [{BCAA2A6E-48D3-4CDA-948C-91ED4C30BEEF}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher-64.exe => No File
FirewallRules: [{59194558-1F74-47C0-A292-E4C268CE4DE2}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher-64.exe => No File
FirewallRules: [{DF89A7C7-70CA-43B2-89FA-5ACD631CC317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{47E669C5-EA82-4003-BFAA-1B77955F294F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{FE841FE0-AF52-4F88-BAD3-FC27B3BBE355}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe => No File
FirewallRules: [{2B60EF73-79AF-4C30-B219-5C308A76B9A8}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe => No File
FirewallRules: [TCP Query User{AAE24D0B-66E4-4DBF-9D11-BDB5DA9EBBC4}C:\nexon\library\vindictus\appdata\en-us\vindictus.exe] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [UDP Query User{06001795-8783-4528-BC5A-AFC3D003C53F}C:\nexon\library\vindictus\appdata\en-us\vindictus.exe] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [{0D5E5246-A81D-468F-9430-DFC8227F37BF}] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [{B909D68E-397F-4B5F-BF10-32E134BD926D}] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [{69712494-47AF-4F6B-81B1-D640176259B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam\nxsteam.exe => No File
FirewallRules: [{48BA3E5F-AFA4-43B6-9E64-80C5BA70286F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam\nxsteam.exe => No File
FirewallRules: [{8DF02C6B-D5E9-434A-9987-D9A1544C024B}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{188F4C79-E313-408E-9BC2-9A8627714F05}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\Zoom\bin\airhost.exe => No File
Task: {410227B3-2D72-4BD0-84E4-4510B87BEE40} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dohnovan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-10-03] (ESET, spol. s r.o. -> ESET)
Task: {77912C4C-1924-46CA-A4DA-2D80B75DE78D} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dohnovan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-10-03] (ESET, spol. s r.o. -> ESET)
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

In your next reply please post:

  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt

  • 0

#4
Eldon123

    Member

  • Topic Starter
  • Member
  • 31 posts
Thanks a bunch for the help!
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-10-2021
Ran by Dohnovan (05-10-2021 08:56:00) Run:1
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S2 AMDRyzenMasterDriverV17; \??\C:\Program Files\AMD\CNext\CNext\AMDRyzenMasterDriver.sys [X]
S3 cpuz149; \??\C:\Users\Dohnovan\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL = 
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Gyazo"
FirewallRules: [{F0412D97-2B69-47C9-BBFB-2ED8469D7CE2}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [{54B9FF3F-545D-4E04-86D8-EA8F5621F500}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [UDP Query User{A0E149A6-970C-44C4-AFFC-02FC91A4CB96}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [TCP Query User{C8177E75-DFAB-46C2-B950-CE420F73D664}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe => No File
FirewallRules: [{3D351B8C-C55C-4E63-8639-18CAD54C17A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{F51AAC48-DBDB-4C61-8F51-A45DA1FA8EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{10E915F4-B060-41ED-9099-5EF5FEDC51B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{A1107BB9-D07D-4538-921E-DD81D2AEECB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{DCD1F17A-2BEB-42E9-AC79-2A27FFA26A0E}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher.exe => No File
FirewallRules: [{C4CC9AC9-07BD-47C8-8259-C0203C0F8F96}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher.exe => No File
FirewallRules: [{BCAA2A6E-48D3-4CDA-948C-91ED4C30BEEF}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher-64.exe => No File
FirewallRules: [{59194558-1F74-47C0-A292-E4C268CE4DE2}] => (Allow) C:\Users\Dohnovan\AppData\Local\uwow.biz\ULauncher\ULauncher-64.exe => No File
FirewallRules: [{DF89A7C7-70CA-43B2-89FA-5ACD631CC317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{47E669C5-EA82-4003-BFAA-1B77955F294F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{FE841FE0-AF52-4F88-BAD3-FC27B3BBE355}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe => No File
FirewallRules: [{2B60EF73-79AF-4C30-B219-5C308A76B9A8}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe => No File
FirewallRules: [TCP Query User{AAE24D0B-66E4-4DBF-9D11-BDB5DA9EBBC4}C:\nexon\library\vindictus\appdata\en-us\vindictus.exe] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [UDP Query User{06001795-8783-4528-BC5A-AFC3D003C53F}C:\nexon\library\vindictus\appdata\en-us\vindictus.exe] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [{0D5E5246-A81D-468F-9430-DFC8227F37BF}] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [{B909D68E-397F-4B5F-BF10-32E134BD926D}] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus.exe => No File
FirewallRules: [{69712494-47AF-4F6B-81B1-D640176259B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam\nxsteam.exe => No File
FirewallRules: [{48BA3E5F-AFA4-43B6-9E64-80C5BA70286F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam\nxsteam.exe => No File
FirewallRules: [{8DF02C6B-D5E9-434A-9987-D9A1544C024B}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{188F4C79-E313-408E-9BC2-9A8627714F05}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\Zoom\bin\airhost.exe => No File
Task: {410227B3-2D72-4BD0-84E4-4510B87BEE40} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dohnovan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-10-03] (ESET, spol. s r.o. -> ESET)
Task: {77912C4C-1924-46CA-A4DA-2D80B75DE78D} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dohnovan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-10-03] (ESET, spol. s r.o. -> ESET)
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\AMDRyzenMasterDriverV17 => removed successfully
AMDRyzenMasterDriverV17 => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz149 => removed successfully
cpuz149 => service removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFAEECB9-2C31-4635-BFCD-485BAEABDD31} => removed successfully
"HKU\S-1-5-21-2108490749-413910539-1021375685-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Gyazo" => removed successfully
"HKU\S-1-5-21-2108490749-413910539-1021375685-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Gyazo" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0412D97-2B69-47C9-BBFB-2ED8469D7CE2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54B9FF3F-545D-4E04-86D8-EA8F5621F500}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A0E149A6-970C-44C4-AFFC-02FC91A4CB96}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C8177E75-DFAB-46C2-B950-CE420F73D664}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D351B8C-C55C-4E63-8639-18CAD54C17A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F51AAC48-DBDB-4C61-8F51-A45DA1FA8EB5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10E915F4-B060-41ED-9099-5EF5FEDC51B9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1107BB9-D07D-4538-921E-DD81D2AEECB1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCD1F17A-2BEB-42E9-AC79-2A27FFA26A0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C4CC9AC9-07BD-47C8-8259-C0203C0F8F96}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BCAA2A6E-48D3-4CDA-948C-91ED4C30BEEF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59194558-1F74-47C0-A292-E4C268CE4DE2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF89A7C7-70CA-43B2-89FA-5ACD631CC317}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47E669C5-EA82-4003-BFAA-1B77955F294F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE841FE0-AF52-4F88-BAD3-FC27B3BBE355}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B60EF73-79AF-4C30-B219-5C308A76B9A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AAE24D0B-66E4-4DBF-9D11-BDB5DA9EBBC4}C:\nexon\library\vindictus\appdata\en-us\vindictus.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{06001795-8783-4528-BC5A-AFC3D003C53F}C:\nexon\library\vindictus\appdata\en-us\vindictus.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D5E5246-A81D-468F-9430-DFC8227F37BF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B909D68E-397F-4B5F-BF10-32E134BD926D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69712494-47AF-4F6B-81B1-D640176259B8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48BA3E5F-AFA4-43B6-9E64-80C5BA70286F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DF02C6B-D5E9-434A-9987-D9A1544C024B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{188F4C79-E313-408E-9BC2-9A8627714F05}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{410227B3-2D72-4BD0-84E4-4510B87BEE40}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{410227B3-2D72-4BD0-84E4-4510B87BEE40}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77912C4C-1924-46CA-A4DA-2D80B75DE78D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77912C4C-1924-46CA-A4DA-2D80B75DE78D}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 182421080 B
Java, Flash, Steam htmlcache => 122819897 B
Windows/system/drivers => 123234483 B
Edge => 0 B
Chrome => 697124417 B
Brave => 460623896 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 261862 B
Dohnovan => 64420599 B
 
RecycleBin => 95497340 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:00:44 ====
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-05-2021
# Duration: 00:00:34
# OS:       Windows 10 Home
# Scanned:  31998
# Detected: 1
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
PUP.Optional.Legacy             C:\END
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Edited by Eldon123, 05 October 2021 - 09:19 AM.

  • 0

#5
DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Eldon.

 

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste anything anywhere.
Start::
Folder: C:\END
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

  • 0

#6
Eldon123

    Member

  • Topic Starter
  • Member
  • 31 posts
When I restarted my PC before posting the previous fixlog it logged me out of my Google emails. Is there a reason for that?
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-10-2021
Ran by Dohnovan (05-10-2021 09:40:40) Run:2
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Folder: C:\END
 
*****************
 
 
========================= Folder: C:\END ========================
 
C:\END = File
 
====== End of Folder: ======
 
 
 
==== End of Fixlog 09:40:40 ====

  • 0

#7
DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

When I restarted my PC before posting the previous fixlog it logged me out of my Google emails. Is there a reason for that?

 
You mean after you ran the fixlog? If yes, there was a directive in the fix which emptied the following:

  • Windows Temp
  • Users Temp folders
  • Caches, HTML5 storages, Cookies and History for browsers scanned by FRST except Firefox clones
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr.db and qmgr*.dat files)
  • Recycle Bin

 

2. AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

  • 0
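Added example, not part of DR M's reply and not FRST code: a Python sketch that reads a Fixlog like the one in post #4, tallies the outcome of each fix line, and totals the EmptyTemp section so you can see which browsers had data emptied (the reason a saved sign-in can be lost after the fix). The sample text is abridged from that log; the function names and the reading of FRST's "GB" as 2**30 bytes are assumptions.

```python
import re
from collections import Counter

# Constructed sample: abridged from the Fixlog posted in this topic.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-10-2021
fixlist content:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
EmptyTemp:
*****************
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz149 => removed successfully
cpuz149 => service removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKU\S-1-5-21-2108490749-413910539-1021375685-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Gyazo" => removed successfully
"HKU\S-1-5-21-2108490749-413910539-1021375685-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Gyazo" => not found
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 182421080 B
Java, Flash, Steam htmlcache => 122819897 B
Windows/system/drivers => 123234483 B
Edge => 0 B
Chrome => 697124417 B
Brave => 460623896 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 261862 B
Dohnovan => 64420599 B
RecycleBin => 95497340 B
EmptyTemp: => 1.6 GB temporary data Removed.
==== End of Fixlog 09:00:44 ====
"""

# \b keeps "moved" from matching inside "removed".
STATUS_RE = re.compile(r"\b(removed|moved) successfully$|\bnot found$")
SIZE_RE = re.compile(r"^(.+?) => (\d+) B$")
BROWSERS = ("Edge", "Chrome", "Brave", "Firefox", "Opera")
EMPTYTEMP_HEADER = "=========== EmptyTemp:"


def _lines(text):
    return [ln.strip() for ln in text.splitlines()]


def parse_results(text):
    """Return (target, status) pairs from the result part of a Fixlog."""
    lines = _lines(text)
    # The fixlist is echoed between two rows of asterisks; results come after it.
    rules = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    start = rules[1] + 1 if len(rules) >= 2 else 0
    end = next((i for i, ln in enumerate(lines)
                if ln.startswith(EMPTYTEMP_HEADER)), len(lines))
    results = []
    for ln in lines[start:end]:
        target, sep, detail = ln.partition(" => ")
        if not sep:
            continue  # status messages such as "Processes closed successfully."
        m = STATUS_RE.search(detail)
        status = "other" if not m else (m.group(1) or "not found")
        results.append((target.strip('"'), status))
    return results


def parse_emptytemp(text):
    """Return ({category: bytes}, reported summary or None)."""
    sizes, summary, inside = {}, None, False
    for ln in _lines(text):
        if ln.startswith(EMPTYTEMP_HEADER):
            inside = True
        elif inside and ln.startswith("EmptyTemp: =>"):
            summary = ln.partition(" => ")[2]
            break
        elif inside and (m := SIZE_RE.match(ln)):
            sizes[m.group(1)] = int(m.group(2))
    return sizes, summary


def triage(text):
    results = parse_results(text)
    sizes, summary = parse_emptytemp(text)
    total = sum(sizes.values())
    return {
        "status_counts": dict(Counter(s for _, s in results)),
        "needs_review": [t for t, s in results if s in ("not found", "other")],
        "emptytemp_bytes": total,
        "emptytemp_gib": round(total / 2**30, 1),  # assumption: GB means 2**30 bytes
        "reported_summary": summary,
        "browsers_emptied": [b for b in BROWSERS if sizes.get(b, 0) > 0],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```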

#8
Eldon123

    Member

  • Topic Starter
  • Member
  • 31 posts
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-05-2021
# Duration: 00:00:10
# OS:       Windows 10 Home
# Cleaned:  1
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
Deleted       C:\END
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1419 octets] - [05/10/2021 09:16:05]
AdwCleaner[S01].txt - [1480 octets] - [05/10/2021 15:59:50]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

  • 0
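
The Clean log posted above has a regular shape: `# Key: value` header lines, `***** [ Section ] *****` blocks, and `[+]` post-clean steps. The following is an added example, not part of the original posts and not Malwarebytes code, that parses that shape and checks the `Cleaned` counter against the `Deleted` lines actually listed. The function names are hypothetical, and it assumes every action line reads "<Status> <target>" as the single `Deleted` line here does.

```python
import re

# Excerpt of the Clean log posted above (empty sections trimmed).
SAMPLE_LOG = r"""# Malwarebytes AdwCleaner 8.3.0.0
# Mode: Clean
# Cleaned:  1
# Failed:   0

***** [ Services ] *****
No malicious services cleaned.

***** [ Files ] *****
Deleted       C:\END

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
"""

HEADER = re.compile(r"^#\s*([A-Za-z]+):\s*(.+?)\s*$")
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")

def parse_clean_log(text):
    """Return (header fields, {section: [(status, target), ...]}, extra steps)."""
    header, sections, steps, current = {}, {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            current = m.group(1)
            sections[current] = []
        elif line.startswith("*"):      # bare row of asterisks closes the sections
            current = None
        elif line.startswith("[+]"):
            steps.append(line[3:].strip())
        elif current and line and not line.startswith("No "):
            # Assumption: action lines read "<Status>  <target>", as "Deleted" does here.
            status, _, target = line.partition(" ")
            sections[current].append((status, target.strip()))
    return header, sections, steps

def summarize(text):
    """Flag a log whose Deleted lines disagree with its own Cleaned counter."""
    header, sections, steps = parse_clean_log(text)
    deleted = [(s, t) for s, items in sections.items() for st, t in items if st == "Deleted"]
    return {"mode": header.get("Mode"), "deleted": deleted, "steps": steps,
            "consistent": len(deleted) == int(header.get("Cleaned", -1))}
```

Calling `summarize()` on the full text of a Clean log returns the mode, each deleted item with its section, the post-clean steps, and whether the counts agree.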

#9
DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Eldon.

 

How is the computer running now? Any remaining questions/issues/concerns?


  • 0

#10
Eldon123

    Member

  • Topic Starter
  • Member
  • 31 posts

No, I think that's it. Thank you!


  • 0


#11
DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Eldon,

 

The only remaining thing about this computer is its upgrade. It is running with version 20H2, a major upgrade behind. I recommend that you upgrade now, since this can patch many of the security holes through which attackers can infect your computer.
 
If you want to upgrade now:

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your wifi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

If you don't want to upgrade now, let me know so I can give you the final instructions for removing the tools we used and setting a new restore point.


  • 0

#12
Eldon123

    Member

  • Topic Starter
  • Member
  • 31 posts

When I upgrade my Windows, will it improve my computer's performance? I've noticed that within recent weeks my PC has been slower and laggy when I play games.


  • 0

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

When I upgrade my Windows, will it improve my computer's performance? I've noticed that within recent weeks my PC has been slower and laggy when I play games.

 

This is not something I can say. The way I asked you to upgrade, however, gives the opportunity for the operating system to get re-installed in the latest upgrade, fixing any possible corruptions at the same time. So, if that is the case, there will be an improvement. A reason for the slowness while playing games may also be the RAM. You have 8GB RAM and 74% is in use. Most games recommend 16GB of memory for speedy, high-performance play. So increasing the RAM may help. What I can say for sure is that the computer is now clean, no malware present.


  • 0

#14
Eldon123

    Member

  • Topic Starter
  • Member
  • 31 posts

I finished updating my pc.


  • 0

#15
DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Good job, Eldon!
 
Let's finish it. 

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

 

=====================================
 

Now that we know that your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Keep this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You now have the built-in Windows 10 antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.



I'm glad I was able to help you.


  • 0
